Ransomware, AI and Threat of War Impact Cyber Insurance Coverage


January 29, 2024

World map

Many organizations are considering or have already purchased cyber insurance policies to cover the cost of a cyberattack or data breach event, and the increased risk from ransomware attacks in recent years had made cyber insurance even more appealing.

But today most insurers no longer cover all potential losses from ransomware attacks, such as the ransom payment itself, and those that do have increased premiums significantly.

A new report on cyber insurance trends which found insuring against cybercrime has grown to a $10 billion market, according to Fortune.

"The ongoing wars in Ukraine and Gaza have insurers on such high alert that many simply aren’t offering coverage any longer, on top of which AI is creating new and unpredictable cybersecurity risks. And insurers expect a significant increase in hacks in 2024, to boot."

Takeaway: Cyber insurers simply do not know how to adequately quantify ransomware risk to set premiums. For cyber insurance policies that do offer ransomware coverage, most will no longer cover the ransom payment because they can vary too wildly, so it is too hard to define actuarially.

Some reports indicate that insurers are paying out most or all of the premiums collected in claims, making the future of cyber insurance uncertain.

Data exfiltration and other double extortion tactics only further complicate the entire ransomware negotiation process, and most insurers will want to directly handle these negotiations with attackers to limit their liability.

This means the insurer will most likely be negotiating terms that are most favorable to their stakeholders, not the victim organization. And it's only after a ransomware attack hits an organization that they find out the policy only covers a fraction of the costs/losses/remediation.  

For a policy to be in force, the organization must have an extensive auditing of its security program.  

When the time comes to submit a claim and the organization is out of compliance - for example, if it did not apply patches in a timely manner or misconfigured security applications - they will be disappointed to find that their policy does not cover the attack.

Cyber insurance is not always a viable option for all organizations, and it's certainly not for companies who think they can indemnify instead of investing in security.  

Organizations must invest in a proactive approach to security, leveraging tools and solutions that will prevent a ransomware attack from being successful.  

Cyber insurance should be considered for risk reduction, but cyber insurance will not protect organizations from potential financial losses, sensitive data exposure, or legal and regulatory actions following an attack.

Halcyon.ai is the leading anti-ransomware company that closes endpoint protection gaps and defeats ransomware through built-in bypass and evasion protection, key material capture, automated decryption, and data exfiltration prevention – talk to a Halcyon expert today to find out more. Halcyon also publishes a quarterly RaaS and extortion group reference guide, Power Rankings: Ransomware Malicious Quartile.