Are You Insured Against Ransomware Attack?
What can happen when hackers strike
Just a few months ago, the National Association of Insurance Commissioners (NAIC) updated their statement on ransomware, saying:
“Between 50 and 75% of ransomware attack victims are small businesses. Small businesses are primary targets, as they typically spend less on security, making it easier to hack into the systems.”
If you’re a small business owner, those two sentences should make your heart skip a beat.
The fact is, if you become the victim of a ransomware attack, you’re in for a world of trouble that likely could have been avoided with a few proactive precautions.
And here’s another disturbing truth: Even if you have cyber-insurance, there’s no guarantee that all the costs stemming from that ransomware attack will be reimbursed.
That’s because as ransomware attacks increase, more and more insurance carriers are denying claims, especially when a breach could have been prevented with a few basic measures.
A few cybersecurity insurance facts
- According to a 2022 survey, only 55% of organizations have any kind of cyber insurance.
- About a quarter of all data breach claims had some exclusion written into the policy that prevented part-payout or full-payout.
- The average insurance claim for a cyberattack on a small to medium-sized business is $345,000.
- Expect to pay $500-$5,000 annually for a business policy, depending on your industry, company size, annual revenue, strength of security measures you’ve taken, amount of sensitive information, and—as with all insurance—coverage levels, and deductibles.
Cyber breaches are here to stay
In the first six months of 2022, there were an estimated 236 million ransomware attacks worldwide.Almost 50% of those attacks were against U.S. businesses, and more than 90% of those attacks were aimed at Windows systems.
To give you an idea of how frequent these attacks are, consider that in the last three years, cyber insurance claims have doubled.
So, how can you ensure that you’re adequately insured? (See what we did there?)
Make sure you follow insurance carrier requirements
Let’s hope you never become the victim of a ransomware attack. But if you are, you’re going to want cyber insurance that covers all your losses.
To increase the likelihood that you’ll be fully compensated, here’s a list of things you can do to increase the chances your claim will be accepted.
- Provide security awareness training to your employees (also phishing testing).
- Choose ransomware readiness protection software instead of simple virus protection.
- Use an Internet firewall appliance with intrusion detection.
- Employ web content filtering.
- Have Geo fencing.
- Protect against malicious redirects and DNS poisoning.
- Insist on two-factor-authentication.
- Make sure you keep up with critical bug fixes.
- Opt-in for Microsoft Office 365 security add-ons.
- Utilize disk encryption.
- Have a disaster recovery plan in place.
- Create and maintain employee termination lists to lock out past employees.
Do all these things, and only a shady insurance company will deny your cyber claim.
Use common sense
In summary, cyber insurance carriers want policyholders to put commonsense protections in place to repel avoidable attacks.
This shouldn’t shock anyone. We do a comparable thing in our homes—installing deadbolts, smoke alarms, and security systems. Carriers simply want you to protect your business as you do your home.
Maybe you’re in the dark about how secure your systems are—especially in light of the list above.
No problem. Give us a call at Franklin IT Support (804) 282-2282. In just a few minutes—and at a time that’s convenient for you—we can assess where you stand and what you need to do to rest easier.
We don’t sell cyber insurance. But we can make sure you check the 12 boxes above that insurers look for when considering whether to pay a claim. Give us a call.
About the author
Todd Whitlock is a technology leader who executes high-ROI software, hardware, and mobile support road maps aligned with your business objectives. Since 1998, company stakeholders have partnered to formulate strategic plans that guide the direction for their IT vision and daily operations. By leveraging forward-thinking intuition, Franklin IT Solutions is able to recognize new tools and technologies that prevent problems, reduce complexity, save money, and protect organizations.