Small-to-medium-sized businesses (SMBs), who have become a favorite target of cybercriminals are concerned about they will meet ransomware demands, according to BlackBerry and Corvus Insurance’s latest cyber insurance report.
The survey of 450 business decision makers for IT/security solutions in the U.S. and Canada shows that SMBs are increasingly being targeted, but only 19% have ransomware coverage limits over $600,000, while over half (59%) hope the government would cover damages when attacks are linked to nation-state groups.
Citing a recent Forrester report that found a typical data breach would cost the average organization $2.4 million, the study suggests SMBs are both uninsured and underinsured.
In addition to relying on the government to help them respond to nation-state-related ransomware incidents, 50% of SMB respondents hoped the government would increase financial aid in all ransomware incidents.
“Not only are there more ransomware threats than ever, but the criminals are more ruthless. They will iterate threats and wait patiently in order to extract maximum damage,” said Shishir Singh, EVP and CTO, Cybersecurity at BlackBerry, in a statement. “It’s vital businesses strengthen their security posture against these threats by supplementing insurance with a prevention-first software approach that lowers their overall risk.”
Over one-third (37%) of respondents said they aren’t currently covered for any ransomware payment demands. Meanwhile, 43% are not covered for auxiliary costs such as court fees or employee downtime.
Only 55% of respondents currently have cyber insurance, while 28% intend to acquire coverage. And nearly four in five (78%) simply tacked cyber insurance onto another policy.
Cybersecurity insurance has become harder to get, most likely due to increased software requirements placed by insurance brokers, the survey found. Over one-third (34%) of respondents were denied coverage due to not meeting specific endpoint detection and response (EDR) software requirements. These increased requirements may be having a real impact on reducing ransom payouts, according to the Blackberry and Corvus Insurance report.
Vincent Weafer, CTO at Corvus, said in a statement that continuing to adhere to software requirements is one the best ways to fight the ransomware industry.
“In our portfolio alone, we’ve seen a 50% reduction in the ratio of ransom demands that end up being paid. Better software adoption is a critical element in better positioning organizations to stand up to attackers,” Weafer said.
Leave a Reply