Barracuda - Cyber Insurance Wont Save You From Ransomware

Barracuda - Cyber Insurance Wont Save You From Ransomware

Many businesses have some form of cyber insurance as a precaution in case of a data breach or other cyberattack. In some cases, ransomware attacks are also covered by that insurance. If you have ransomware coverage, you might think that your ransomware woes are behind you. After all, isn’t that the point of having insurance?

But what does having ransomware insurance really mean?

Here are some things to keep in mind:

  • Insurers now more so let you deal with the ransomware incident and dispute the decisions made or the coverage given. This means that you, as the customer, could have the burden of the ransomware response and a fight with your insurance company, even if your insurance initially pays out.
  • There is no standard ransomware insurance policy. The terms of the policy, what it covers, and what it doesn’t cover can vary widely. Insurers are changing the language of contracts as they attempt to limit their rising costs by limiting what is covered.
  • The amount covered in a ransomware attack may be far less than the actual cost of that attack. Your coverage may or may not cover downtime or business interruption, the ransomware amount, negotiation with attackers, infrastructure replacement, and expert consultation for managing the ransomware crisis.
  • Insurance companies are increasingly requiring security measures such as network protection or email protection from phishing as a condition of ransomware coverage. If you don’t follow these and other conditions to the letter, your insurance company might deny coverage.
  • Paying ransoms to unknown actors, possibly operating in sanctioned countries, is a grey area — it is technically against U.S. law according to a recent advisory from the U.S. Dept. of the TreasuryThe European Union and the UK have issued similar guidance. This might be better for reducing ransomware attacks overall, but it limits what the insurance companies can do to resolve a ransomware issue for insured companies in the short term.
  • If the ransomware event is judged to be an act of war — a very possible scenario in 2022 — you might not have coverage. Some insurance companies have been adding language to contracts to specifically limit cyberwarfare coverage due to a recent legal challenge.


View our eBook
Don’t Pay The Ransom, A Three-Step Guide To Ransomware Protection

What does all this mean?
Even if you have ransomware insurance, you should protect your business as though you had no insurance. Insurance money can fund your recovery from ransomware to a certain extent, but you’re never going to get back stolen data. Even if you “buy back” your stolen data, the attacker still has it and may demand payment from time to time to prevent its release. In addition, it can be hard to find every bit of malware that an attacker may have placed during a breach. Many companies find that they are attacked many times within a year — sometimes even from the same attackers.
 
How to protect yourself
Barracuda has the most comprehensive ransomware protection portfolio available. We can help you prevent a successful ransomware attack by blocking the initial phishing attempt or a web application breach, as well as securely backing up your data so you have data for recovery purposes.

Get started today by downloading our Ransomware Protection Checklist or by contacting us for a free ransomware protection consultation. We can help you go through your environment to secure any ransomware vulnerability points so you can feel secure in the fight against ransomware.

View our eBook
Don’t Pay The Ransom, A Three-Step Guide To Ransomware Protection