Cyber insurance providers — including Marsh and Resilience — reported upticks in ransomware claims in 2023, compared to 2022. Several well-known brands fell victim to these attacks, including Dole Foods, Dish Network and Yum brands (the parent company of KFC and Taco Bell).
In March 2023, the White House unveiled its National Cybersecurity Strategy. It classifies ransomware attacks as a national security threat and calls for the United States to pursue “a more intentional, more coordinated, and more well-resourced approach to cyber defense.” Companies that commit to a similar approach can help prevent, detect and respond to attacks, thereby minimizing damages and reputational harm.
Ransomware is a type of malware that, once downloaded, prevents access to computer systems or files until the user meets the perpetrator’s payment demands. The underlying cause is often a malicious email that’s sent to an employee. Malware may be embedded in attachments, or the email might contain a link to a website that will install malware on the user’s computer and, from there, infiltrate the network. Frequently, the email appears to come from legitimate business partners, co-workers, law enforcement officials or IRS representatives.
Another threat is malicious advertising that infects a user’s computer with little or no interaction. For example, an employee might encounter “malvertising” while browsing the internet. A malicious site may deliver the ransomware directly or be used to launch an attack against a targeted user.
Once a device has been compromised, the perpetrator gains a foothold in the user’s IT environment. Until the breach has been detected, the hacker is free to explore the user’s network for vulnerable systems and data and to encrypt data indiscriminately. Then the hacker can demand a ransom for the decryption key needed to restore network access.
Organizations should take proactive steps to protect their networks. These include:
Training. Employees should know the mechanics of ransomware attacks and why opening unsolicited emails and searching unsecure websites can be harmful. Companies should require staff to complete regular cybersecurity training sessions. Then test emails can be used to simulate ransomware attacks and assess whether training has been effective.
Security products. Antivirus software, firewalls and email filters can be installed to keep external hackers from accessing users and networks. It’s also important to update all operating systems and applications on users’ computers. Perpetrators target vulnerable systems and applications.
Backups. Ransomware victims that regularly back up files may be able to restore their networks. The keys are early detection and backup storage on devices that are separate from infected networks, such as external hard drives or Cloud servers.
Insurance. Professional and general business liability insurance policies generally don’t cover ransomware losses. So, many organizations buy cyber liability and breach response insurance to fortify their defenses. These may be separate policies or add-ons to existing policies and generally cover a variety of risks, depending on the policy’s scope. Insurance typically protects against liability or losses from unauthorized access to electronic data and software. But policies should be carefully reviewed to understand what’s specifically excluded from coverage.
Unfortunately, preventive measures sometimes fall short. Organizations that become ransomware victims may be tempted to quickly pay the ransom to minimize losses. But paying ransom can be costlier than restoring data from backup files or other means. Plus, there’s a risk that criminals won’t hand over a decryption key once they have the money.
Cyber insurance providers, attorneys and financial advisors can work together to help clients determine the appropriate course of action. This includes reporting the incident to law enforcement; restoring systems; and communicating the effects to employees, customers and other stakeholders. Contact us if you have any questions.