Some blame cyber insurers for the consistent rise in ransomware attacks

Several lawyers are arguing cyber insurance policies and payouts are fueling the rise in ransomware events.

Is cyber insurance fueling more ransomware attacks? (Photo: Gorodenkoff/Shutterstock)

Recently, Delaware County, Pennsylvania, joined a growing list of entities struck by ransomware. The Philadelphia suburb announced that it paid $500,000 to regain full access to its network after hackers encrypted police reports, payroll and expense databases and other files. However, the ransom payment was covered by the municipality’s insurance, according to local media.

Ransomware payment coverage is fairly common in most cybersecurity insurance policies, as more organizations fall victim to cyberattacks. But some observers argue such payments are incentivizing hackers and creating more ransomware opportunities.

Pointing the finger at cyber insurers

Some lawyers believe cyber insurance payments are placing a larger ransomware target on businesses’ backs.

“Absolutely, that’s 100% why they [hackers] do it — to get the ransom,” said Dykema Gossett member Sean Griffin. “The more likely they’re to get the ransom, and the higher the ransom is going to be, the more likely they’re going to do it.”

Philip Yannella, privacy and data security group leader at Ballard Spahr, added that because of cyber insurance coverage, an entity doesn’t have to be a Fortune 500 company or house significantly sensitive data to be a target.

“One of the reasons they target industries like municipalities is that they expect [them] to have coverage, and they expect they won’t have good backup systems and can’t afford to rebuild,” Yannella said. “All that goes into their calculus.”

But Travelers’ Enterprise Cyber Lead Tim Francis disagreed, noting that ransomware attacks would occur whether insurance policies existed or not.

“I’m quite certain if cyber insurance went away tomorrow, ransomware attacks wouldn’t go away tomorrow,” he said. “I think threat actors will continue to take advantage of organizations, and frankly, whether a company is insured or not isn’t going to prevent a threat actor from taking over a company and trying to extort them for money.”

Still, Yannella said it’s become clear that when cyber actors discover ransomware insurance coverage, they gain some confidence in their ability to collect their ransom. “In some of the published ransomware negotiations, you’ll see the ransomware hackers say, ‘Is the insurance covering this?’ They know very well insurance carriers will cover this.”

Opposing argument defends insurers

However, some argued that hackers prey on weak cybersecurity, not cyber insurance policyholders.

“Many victims tend to be low-hanging fruit because they have insufficient defenses,” said Kristen Dauphinais, head of U.S. cyber and tech at Beazley. “Until recently, the bad actors have been in the system and watched how the information flows and [after] doing a deep dive into the organization [they] may find evidence of insurance, but I wouldn’t say there’s a correlation.”

With the ransomware threat only growing, insurance carriers are also feeling the impact. Merely two years ago, ransomware claims weren’t as frequent or as expensive, and as claims rise, so do premiums and underwriting, Dauphinais explained.

Ransomware coverage was “historically a profitable segment,” she said. “That has changed dramatically with the uptick in the quantity, frequency and severity of events, and the cyber insurance has changed.”
