Cyberinsurance or self-insurance: dealing with the latest wave of ransomware attacks

IT security, online security, cyber security czar, cyberinsurance, cyber resilience

With the ongoing threat of cyberattacks, cyberinsurance has made it onto the agenda of many business leaders. A cyberinsurance policy promises to pay a monetary sum to cover the costs of being attacked. However, it doesn’t materially contribute to recovering from an attack and may not even cover the full costs of remediation, depending on the policy. Self-insurance against ransomware attacks in the form of unimpeachable backups can be a stronger approach for organisations.

While there are cybersecurity tools available that can help protect organisations from malicious attacks, ransomware is a particularly insidious threat that can be very hard to defend against. Even though organisations should deploy the strongest IT security tools they can afford, the fact remains that attacks will occur and the odds of an attack succeeding are, unfortunately high.

Adding complexity to the recovery process is the fact that attackers are now targeting backups prior to attacking production data – a victim that cannot turn to their backups for recovery is far more likely to pay any ransom demanded to get production data back.

While a cyberinsurance policy may help offset or defray some of the financial costs associated with the downtime associated with a ransomware attack, it does nothing to help get the business back operational in a meaningful timeframe. Cyberinsurance may pay for some of the losses; however, the premiums can be enormous, and it can be hard to understand exactly what’s covered under the policy. In fact, it could be possible that ransomware attackers are deliberately targeting organisations that have insurance because they know these organisations are more likely to pay the ransom.

This all leads to the conclusion that cyberinsurance should be considered a cost reduction strategy, which can be pursued after a business is back to normal operations. Infrastructure solutions that help ensure backups cannot be compromised, and more importantly, ensure data can be restored in a timely fashion, should be the primary investment and can be considered a form of self-insurance.

The right type of backups can significantly mitigate the risk of significant disruption and financial losses following a ransomware attack in the following three ways:

1. Protect backups from attack
Most backups are just as vulnerable to cyberattacks as the company’s original data. Organisations should look for solutions that can augment existing backup platforms and add an immutable layer of protection around them so that even in the event of an attacker having compromised administrative credentials they are unable to damage backups.

2. Use a fast recovery system
A cyber breach is quite likely to be the only scenario that triggers a full restore of all data.  Legacy backup (not recovery) solutions handle the backup well; however, were never designed to actually restore the data quickly. Augmenting existing backup platforms to restore mission-critical systems in a timeframe that is acceptable for getting the business operating again is critical.

3. Choose an easy-to-use solution that you can build easy processes around
When the business is under attack and stress levels are high, the last thing the IT team needs is a complex, hard-to-use disaster recovery system hindering the recovery process. Instead, it’s important to choose a solution that restores data quickly and reliably with just a few clicks – using the existing data protection software stack.

While insurance companies are still working to determine the best approach for cyberinsurance policies, savvy businesses are proactively moving to self-insure or protect themselves, from ransomware attacks. Putting the right infrastructure solutions in place will help businesses reduce their risk profile by ensuring backups are protected from attack and decreasing the time to recover from attacks. This helps mitigate the ransomware risk and reduce business impact.