Ransomware does damage beyond the ransom fee, writes Graeme Newman, Chief Innovation Officer at business insurance company CFC Underwriting.
Headlines about ransomware have been hard to avoid lately. May’s WannaCry attack and June’s NotPetya attack have reinforced just how devastating these attacks can be, affecting companies of all sizes, in all industries, and in dozens of countries. This goes to show that when it comes to ransomware, no business or institution is ever safe.
Ransomware is a type of malware that infects computer systems, searches for data files and encrypts them so they are inaccessible without the decryption key. Their owners are then threatened with losing all of their data unless they pay for this key. As recent attacks have indicated, it’s a trend that is very much on the rise, and this is reflected in our own data. In Q1 of this year, ransomware accounted for 20.5pc of our claims, compared to just 12.9pc in the same time period in 2016. Following this recent spate of high-profile cyber incidents, the National Crime Association’s findings that cybercrime rates have overtaken traditional crime rates should come as no great surprise. This serves as an important warning to businesses and institutions to update the security and mitigation methods they currently have in place.
Why are we seeing so many ransomware attacks?
One of the key drivers behind ransomware’s dramatic growth is the ease with which an attack can be carried out. As we have recently seen, attacks can create havoc on a global scale. It is worrying that these widespread incidents can be launched with the simple purchase of an online kit that can be found and bought on the dark web and that, once used, carries very little risk of the attacker being caught. Of course, the idea of being held to ransom feels like the scariest piece of the puzzle, but it is interesting to note that the ransom itself is usually the least consequential part of an event. We have found that the average ransom demand is usually around $300. But this relatively small fee is trivial when compared with the aftermath of an event. It’s not unusual for us to receive claims of around $10-20k in order to repair damage caused by ransomware, and if severe enough, some can escalate into the hundreds of thousands.
How do the costs rack up so quickly?
Probably the biggest expense a business will face after an attack is business interruption. Just getting into a position where systems are operating normally again can take weeks, and this means significant revenue is lost. After an attack, it’s also common to need to bring in IT specialists to rectify and restore systems, forensic investigators to analyse how the attack occurred and where vulnerabilities lie, and even PR specialists to publicly manage the issue. Before long, these costs can rack up to a total that can cripple a business.
Crime has changed, so too must our defences.
The good news is that a typical cyber insurance policy can cover these expenses whilst also giving clients immediate access to specialist providers who can help a business manage the incident from the start. And many insurers have panels of specialists in place that can help firms through each stage of incident response, from rectifying systems to handling public relations.
If the recent ransomware attacks have taught us anything, it’s that any business, any individual, indeed any government is a potential target. Universities such as UCL, large organisations like the NHS, and national infrastructure in places like Ukraine have all fallen victim to this crime. Is the UK ready for this new wave of modern threat? Preparation is key, and failure to prepare will guarantee that the business cost extends far beyond the ransom fee.