“At least 50% of the time there’s not really an option,” he said. “Not only have they encrypted the data, they’ve encrypted the backups and there’s no way to recover without paying the ransom.”

Motta argues that insurers are helping the industry by raising the level of cybersecurity due diligence by firms. And those efforts redouble after a high-profile incident like Colonial’s, according to Adam O’Donnell, a cybersecurity expert at Internet 2.0.

“I’ve seen a lot of organizations where their self-assessment maturity is very high, and then a very basic cyber attack proves that they’re completely wrong,” O’Donnell said.

Insurers have responded to the surge in attacks by ramping up scrutiny of new clients and their efforts to protect data, according to Marsh’s McCabe. Axa SA’s France business is no longer underwriting new policies that reimburse for ransomware, according to a spokesperson. Other insurers have sought to cap their exposure, according to CAC’s Lantrip.

For now, the question of how to stop the cycle of ransomware attacks and payments remains.

“You have to go after the money,” Coalition’s Motta said. “Some of these threat actors bring in more haul than international drug cartels.”

This article was provided by Bloomberg News.
