How Cyber Insurance Is Evolving Amid The Ransomware Tsunami – Virtualization Review


With the recent upsurge in ransomware attacks, insurance companies have paid out huge sums of money, so they are cracking down on rules and regulations to reduce their exposure.

“Remember that a lot of what we’ve been talking about in cybersecurity and cyberinsurance right now is 100% different than it was five or six years ago,” said cyberinsurance expert John O’Neill Sr. at yesterday’s half-day online summit presented by Virtualization & Cloud Review, titled “Modern Hybrid Cloud Data Backup & Recovery,” now available for on-demand viewing.

O’Neill Sr., Chief Technologist at AWS Solutions, presented with his partner David Kawula, Senior Management Consultant at TriCon Elite Consulting.

Hardware rotation
One way cyber insurers have evolved was detailed in the duo’s response to an audience member’s question about whether the standard five-year hardware rotation scheme still makes sense for small businesses.

“Many cyber insurance policies now have endorsements that if you run out of hardware support, you could be in breach of your policy.”

David Kawula, Senior Management Consultant, TriCon Elite Consulting

“I think one of the big bits – and you know, John, I’d like you to maybe talk about this – is the fact that a lot of cyber insurance policies have endorsements now that if you run out of hardware support, you could be in violation of your policy,” Kawula noted. “So if your hardware gives you a 60-month, five-year warranty, and that’s it, that could be your rotation locked for that.”

O’Neill Sr., the cyberinsurance expert among the two, replied, “Dave, you know, I spend a lot of time working on cyberinsurance, including understanding how it’s evolved and what it does. Because ultimately I want people to have insurance that will pay when they need it to pay, not just a policy that gives them that warm and fuzzy [feeling] that ‘Okay, I have insurance, it’s going to be there.’ Because, as you mentioned, there’s a lot of new fine print, if you will – endorsements, underwriting requirements, that sort of thing – that when you have an event, and they do a forensic analysis, if any of these things you attested to, you said, ‘Yes, I don’t have unsupported equipment,’ and you do, they will use it to not pay. And you can argue, you can stomp, but you still don’t have all that money and stuff. So that’s awful.

[Figure: The high-level checklist]

“And they’re getting more and more rigid about requiring your software and your hardware to be supported by the manufacturer. So all these companies calling you up and saying, ‘Hey, you know, we know Dell has stopped supporting this model, but we’ll take care of supporting it for you and everything else, and it will be fine by your insurance company.’ This is not true. I have analyzed many cases of that kind. And the reason insurers don’t accept that is because they’ve proven that no one but the manufacturer can easily fix a security issue. And no matter what subsystem it shows up in, so whether it’s in the base firmware, whether it’s in, you know, the UEFI, or whether it’s in your network card firmware, whatever, only the manufacturers are the ones they have confidence in to solve it.

“So my suggestion is that you check the life cycle of that hardware you’re going to buy directly from the vendor, extend your warranty for as long as you can, and consider other options. Because a lot of people — especially right now — people are starting to get a little nervous with some of the investments to be made right now and that kind of thing with the economy. So consider other options, like cloud-based backup solutions or that sort of thing.”

How often do victims pay?
O’Neill Sr. also answered a question from the audience about how often organizations ultimately have to pay a ransom demand.

“So actually, in preparation for an upcoming discussion, I’ve just been looking over the past few weeks at data from many insurance companies on this exact question,” O’Neill Sr. replied. “It looks like right now it’s about a 50/50 split. So what that means is that out of the claims they were analyzing, about 50% of those claims involved the payment of some level of ransom or charge to the attacker.

“Now on the other 50%, don’t just assume it’s because those people had a better disaster recovery strategy. And they were able to thwart the attacker and get it all back without paying the ransom. There’s a number in there that represents the people who couldn’t pay the ransom. And by couldn’t, I mean, not only that they didn’t have that slush fund, or that they didn’t have the money available, but the attacker was on a terrorist watch list or something, where the government is preventing them from getting paid.”

A recent ransomware trends report also provided data on payments, finding that many victim organizations paid ransoms and recovered their data, but almost as many either recovered their data without paying the ransom, or paid the ransom and still haven’t recovered their data.

[Figure: Did you pay the ransom? (source: Veeam)]

The report also detailed how the ransoms were paid.

[Figure: How was the ransom paid? (source: Veeam)]

Yet another recent report revealed the top motivations for paying.

[Figure: Main motivations to pay (source: Cybereason)]

Reimbursements, not direct payments
The topic of how insurance companies pay ransomware claims – if you’ve dotted all your I’s and crossed all your T’s so they absolutely have to – was also brought up.

“In fact, the cyberinsurance provider does not prepay these funds,” Kawula noted. “They don’t just have a slush fund and say, ‘Hey look, yeah, we’re going to pay the 30,000.’ No, that customer has to offer that. And that’s a reimbursement mechanism. So, regarding this scenario where you may have to pay, John, is there a potential scenario where, say you got caught, and you had to pay – which a lot of customers have; it’s big business, ransomware – how do you pay for it? Is it something cyber insurance does, takes care of for you, or do you need to have a fund set aside to actually take care of it?”

The answer: “Well, you definitely have to have some sort of mechanism, whether it’s a line of credit, or something like that, that you can afford. And to explain that, I’m going to give you a little background. So, your insurance policy, there are a few different areas, and the ones you are most concerned about are who pays for the loss, so you have to pay the ransom, or you have to replace the hardware, you have to pay consultants, all those kinds of costs. And then there’s the part that pays for lost business, right? If you’re a large organization and you’re down, and let’s say your revenue generation is, you know, $100,000 a day or $1 million a day, whatever it is, you lose that, because you’re down — you had to quit — and you can’t afford to pay your employees, you can’t afford to pay your suppliers, you know, that has [a cost]. That’s why your insurance policy generally includes a business interruption clause.

“Now, conventionally, these things are pretty easy. So you have a fire, they know where the fire started, they know what the cause was, they can estimate recovery pretty quickly and accurately and start getting payments. With cyber, it’s become a lot more complicated. Before, it wasn’t that complicated and everyone had a false sense of security. But the only reason it wasn’t complicated is because the insurance companies didn’t really understand it the way they do now.
