Intelligent CIO LATAM Issue 11 - Page 53


How ransomware is destabilizing cyber insurance – and what to do about it

With the rise of Ransomware-as-a-Service ( RaaS ) techniques , double extortion attacks and the low cost of ransomware kits , unsustainable loss ratios have convulsed the insurance market . Thom Langford , Global Security Advocate at SentinelOne , discusses why in order for businesses to protect themselves from ransomware , they need to stop choosing between investing in a better security stack or getting insurance cover .

It used to be relatively easy for companies to secure cyber insurance . Indeed , many insurers leveraged cash-flow underwriting on cyber policies in order to pad out their books with premiums and , as a result , brokers were generally able to secure blanket cyber coverage for their clients at a good price .

However , with arguments over whether this insurance model was ever going to be sustainable in the long-term aside , evolving cyberthreats are testing organizations ’ resiliency . In response , cyber insurance providers are becoming more versed in and responsive to specific cybersecurity threats , triggering shifts in insurance trends . In particular , the current ransomware threat landscape means not only is the cyber insurance bubble set to burst , the whole system is at risk of destabilizing entirely .
The threat of ransomware attacks is escalating in terms of both volume and monetary value . When REvil operators exploited a bug in the Kaseya VSA software back in July , the criminals requested US $ 50 million for the universal decryption key . To put this into context , one estimation of all the ransomware extortion payments for 2020 was totalled at US $ 350 million .
One contributing trend here is that the pandemic has forced many organizations to move to the cloud sooner
www . intelligentcio . com INTELLIGENTCIO LATAM 53