“Your files have been encrypted. You have 5 days to submit the payment, or your files will be lost.” The ominous message glaring out from your screen isn’t farfetched—or even unusual. Instead, this common scenario plays out continually. By the end of 2021, ransomware attacks are expected to target global businesses every 11 seconds."
Ransomware is on a meteoric rise – increasing in frequency, severity, and sophistication. As ransomware has proliferated over the past year, more than half of organisations have fallen victim to an attack. With increasing attacks come higher financial and operational impacts, including ransomware payments and associated costs, operational downtime, and remediation efforts.
Data exfiltration, the unauthorised copy or transfer of data, is becoming increasingly common with ransomware attacks as a coercion tactic to incentivise ransom payment. In Q4 alone, more than 70% of ransomware attacks involved the threat of data exfiltration. Hence, organisations are struggling with not only more ransomware attacks, but also the added privacy implications of data exfiltration.
Driven by the COVID-19 pandemic, businesses have greatly accelerated their digital transformation efforts. From healthcare organisations to government agencies to manufacturing companies and every industry in between, the rapid shift to remote work generally has created wider attack surfaces and less secure environments. The result? A boon to cybercriminals.
Ransomware is a type of malware that prevents access to a system or data until the victim pays a ransom. Using a variety of methods, attackers typically encrypt a victim’s files and render them incapable of opening. The attacker then provides instructions and requests a fee (aka, the ransom) in cryptocurrency from the victim, dangling a carrot in the form of a decryption key to unlock the encrypted data. Whether the victim pays or not, there is no certainty that the files will be returned or access restored.
In the world of ransomware, cybercriminals are the most common culprits. Cybercriminals conduct ransomware attacks for economic benefit. Ransomware tool kits are widely available for purchase on the dark web (think RaaS – Ransomware as a Service), enabling even less skilled cybercriminals to carry out ransomware attacks for profit. The ease with which attackers can execute ransomware attacks also contributes to its continued growth, notes the 2020 Data Breach Investigations Report.
Ransomware attacks impact individuals and organisations across industries and around the globe – no organisation is immune. Small and medium-sized businesses remain popular targets, representing 62% of incidents (Beazley 2020 Breach Briefing). In contrast, 38% of ransomware incidents target the middle market (defined as over $35 million in annual revenue). While ransomware is an issue across industries, some are harder hit than others. Healthcare, professional services, and financial services alone account for more than half of ransomware incidents. The healthcare industry is among the most targeted, with financially motivated cybercriminals using ransomware attacks to exploit sensitive patient data.
A ransomware incident can cause significant damage. And while a business cannot anticipate a specific ransomware attack, you can plan for the potential impact. Preparation makes all the difference. Businesses should carefully consider—in advance—how they would manage a ransomware attack: before, during, and after.
Our full suite of ransomware offerings encompass cyber risk management and insurance. This includes:
How would your organisation fare in a ransomware event? This quick, simple assessment efficiently analyses and provides insights into your ransomware preparedness. It delivers numerical scores, benchmarks from de-identified Marsh data, and provides findings via an executive-level report. Organisations are assessed across ransomware-specific preparedness indicators in seven critical areas, including employee awareness, backup policies and procedures, and technical controls.
What is my ransomware risk profile? This offering provides clients with insights to better understand, measure, and manage ransomware as a business risk. It models potential attack severity, pinpoints potential vulnerabilities, and identifies areas of improvement for insurance underwriting. This includes analysis on both historical and recent ransomware events. Clients can also tap into thought leadership resources, review potential vendors, and browse best practices — all in one central location.
Have you created a thorough incident response plan specific to ransomware? It is critical to develop a comprehensive incident response plan that enables organisations to prepare for, detect, respond to, and recover from a ransomware incident. This offering includes the identification of key stakeholders and their roles/responsibilities; development of response guidelines, procedures, and processes; establishment of event tracking; execution of detailed tabletop exercises; analysis of the financial impact of a ransomware incident; and identification and assessment of vulnerabilities in the plan itself. In collaboration with your counsel, we can help develop and implement a sanctions compliance program.
Marsh can help design a cyber insurance program with comprehensive coverage for ransom payments and associated costs. Cyber policies may also include preparation and response support (such as resources for clients on incident response planning, employee training, legal and forensics, and breach notification services), as well as balance-sheet protection for first- and third-party costs and liabilities (lost revenue and extra expenses, regulatory fines and penalties, data and hardware restoration and repair, and reputational harm).
Our cyber risk and insurance specialists are available to help you prepare in advance for a potential ransomware attack by assessing your readiness and building a complete response plan. We can also help you craft a cyber policy designed to provide broad coverage for cyber and technology risks that includes ransomware.
Ransomware can seem overwhelming and how to best respond can be confusing — we get it. We’ve helped clients across industries and around the world prepare for and respond to the unexpected.
The information contained herein is based on sources we believe reliable, but we do not guarantee its accuracy. Marsh makes no representations or warranties, expressed or implied, concerning the application of policy wordings or of the financial condition or solvency of insurers or reinsurers. The information contained in this publication provides only a general overview of subjects covered, is not intended to be taken as advice regarding any individual situation, and should not be relied upon as such. Statements concerning tax and/or legal matters should be understood to be general observations based solely on our experience as insurance brokers and risk consultants and should not be relied upon as tax and/or legal advice, which we are not authorised to provide. Insureds should consult their own qualified insurance, tax and/or legal advisors regarding specific coverage and other issues.
Copyright 2021 Marsh Pty Ltd. All rights reserved.