Businesses concerned about their ability to meet ransomware demands

Businesses are increasingly concerned about how they will meet ransomware demands, according to the BlackBerry Cyber Insurance Coverage study released Aug. 10.

The survey revealed that 19 per cent of respondents have ransomware coverage limits above $600,000, while 59 per cent hoped the government would cover damages when future attacks are linked to other nation-states.  

The study from BlackBerry Limited and Corvus Insurance found that small-to-medium sized businesses are especially at risk. Of businesses with under 1,500 employees, only 14 percent have a coverage limit in excess of $600,000.

"Not only are there more ransomware threats than ever, but the criminals are more ruthless. They will iterate threats and wait patiently in order to extract maximum damage," said Shishir Singh, Executive Vice President and CTO, Cybersecurity at BlackBerry. "For uninsured and underinsured organizations, this potentially puts them in extreme jeopardy. The cyber underground is increasingly sharing learnings and partnering to make threats as efficient as possible. It's vital businesses strengthen their security posture against these threats by supplementing insurance with a prevention-first software approach that lowers their overall risk." 

The study found that many businesses reported cybersecurity coverages that are poorly tailored to their current situation. Thirty-seven percent of respondents aren't currently covered for any ransomware payment demands, while 43 percent aren't covered for auxiliary costs such as court fees or employee downtime. 

Meanwhile, cyberinsurance has become harder to get, due to increased software requirements placed by insurance brokers, found the study. Thirty-four per cent of respondents have been denied coverage due to not meeting specific Endpoint Detection and Response (EDR) software requirements, according to the survey.

"Though it might sound counterintuitive, continuing to adhere to software requirements is one of the best ways to fight the ransomware industry," said Vincent Weafer, CTO at Corvus. "In our portfolio alone, we've seen a 50 percent reduction in the ratio of ransom demands that end up being paid. Better software adoption is a critical element in better positioning organizations to stand up to attackers."