WEB AND MOBILE FRAUD
Cyber insurance could create more targets
The increase in ransomware attacks is driving a growth in cyber insurance policies, but this could increase the problem, according to a new report.
While there’s an increasing number of publicly disclosed breaches and successful ransomware incidents there’s a risk that this will encourage criminals to target companies with extortion insurance to demand increased payments, say researchers at WatchGuard Technologies.
In countries that require mandatory breach disclosure, cyber insurance helps cover the costs and, sometimes, the lawsuits that result from these breaches.
More recently, insurers have promoted optional extortion insurance packages that cover the costs of ransomware and other cyber extortion payments.
“We find it concerning that insurers sometimes pay ransoms to recover their customers’ data,” explained Corey Nachreiner, CTO at WatchGuard Technologies.
"While we understand the business decision, insurers currently have no long-term actuarial data for cyber incidents and ransomware.
“It’s possible that paying ransoms will encourage this criminal business model and increase the number of incidents insurers have to handle or the cost of ransoms.”
As most studies show that at least one-third of ransomware victims already pay on demand, smart ransomware authors will target insurers to identify organisations with extortion insurance and then attack them directly.
“We expect SMBs to continue to adopt extortion insurance in 2018, but cyber insurance shouldn’t replace security controls and Best Practice,” urged Nachreiner. “We predict that insurance providers will start to implement guidelines that require companies to have strong security controls in place as a prerequisite. When combined with other layers of security, cyber insurance represents a great addition to a company’s cyber security strategy.”
Online security is seemingly becoming more compromised with each passing year. 2017 has witnessed some of the worst security breaches in history, such as the breach of Equifax, which impacted over 143 million clients in the US and abroad. There were also three major state-sponsored ransomware attacks affecting hundreds of thousands of targets around the world. Unfortunately, it looks like this is just the beginning.
“Ransomware assaults seem to be increasingly dangerous,” explained Marty Kamden, CMO of NordVPN. “Besides, system administrators are not ready to protect their networks from more sophisticated breaches. We believe that attacks will only become worse in nature.”
In addition, Internet freedom has been on a steady decline. For example, in the US, Internet Service Providers have the right to track customer data without consent and sell it to third parties. Net neutrality is under attack. Other countries are also passing freedom-limiting laws.
