Survey Shows Businesses Worry About Ability To Meet Ransomware Demands
August 25, 2022
Businesses are increasingly worried about their ability to meet ransomware demands, with many hoping for government assistance in the case of state-sponsored cyber attacks, a recent survey revealed.
According to the BlackBerry cyber insurance coverage study, only 19 percent of businesses surveyed have ransomware coverage limits above $600,000, while 59 percent hoped the government would cover damages resulting from future attacks linked to nation-states.
The study by BlackBerry and Corvus Insurance found the issue is particularly acute for small and medium-sized businesses. Among businesses with fewer than 1,500 employees, only 14 percent have coverage limits exceeding $600,000, the survey found. BlackBerry noted that a recent Forrester report estimated that investigation and recovery from a typical data breach would cost an average organization $2.4 million.
"Not only are there more ransomware threats than ever, but the criminals are more ruthless. They will iterate threats and wait patiently in order to extract maximum damage," Shishir Singh, executive vice president and chief technology officer, cyber security at BlackBerry, said in a statement. "For uninsured and underinsured organizations, this potentially puts them in extreme jeopardy.
"The cyber underground is increasingly sharing learnings and partnering to make threats as efficient as possible," Mr. Singh said. "It's vital businesses strengthen their security posture against these threats by supplementing insurance with a prevention-first software approach that lowers their overall risk."
Many businesses surveyed indicated that cyber-risk coverages are poorly tailored for their current situations. Some 37 percent of respondents indicated they aren't currently covered for ransomware payments, while 43 percent reported they are covered for such costs as court fees or employee downtime.
Those surveyed also indicated that cyber insurance has become harder to purchase due to insurers' increased requirements. More than one-third of respondents indicated they'd been denied coverage due to not meeting specific endpoint detection and response (EDR) software requirements. BlackBerry noted, however, that those increased requirements might be having an impact on reducing ransom payments.
August 25, 2022