The University of Calgary has confirmed it forked out £10,859 (CAD$20,000) to recover its data after it was infected with ransomware. To respond to such threats insurers are having to alter the speed of their services.
University of Calgary vice president Linda Dalgetty told Bloomberg
the decision to pay the ransom was made to protect the work of their staff.
“We are a research institution, we are conducting world-class research daily and we don’t know what we don’t know in terms of who’s been impacted. The last thing we want to do is lose someone’s life’s work,” she said.
Ransomware, software that encrypts information on a network and demands a payment to unlock it, is becoming more and more prevalent. As scammers have more high profile successes, attacks are only going to increase.
Stephen Ridley, senior development underwriter of cyber and data risks from Hiscox
UK, said the company’s cyber insurance business has been growing rapidly.
“We’ve probably written about three and a bit times the business than we had this time last year,” he said.
One of the big changes Ridley has seen is businesses are now seeking out cyber insurance willingly, rather than being strongly encouraged by brokers to purchase it.
For insurers looking to support a business through a ransomware attack, speed is the key. Often attacks are accompanied with a timer, claiming the data will be unrecoverable after only a few hours. Ridley said insurers must include on-call IT analysists as part of their policies to respond quickly in the case of an attack.
“Having that panel of companies that can come in straight away is really important, rather than have it come in and have to go through a normal insurance claim process,” he said.
If IT analysts determine the data can’t be recovered from a back-up, Ridley said Hiscox
’s cyber insurance would cover the cost of the ransom as well as verify the legitimacy of the decryption key.
“In some of the cases that we’ve dealt with so far it’s been a case of having to test that decryption key,” he added. “Isolating a small part of the network and making sure that it’s not going to cause even more damage, and then once that’s been validated its actually deploying the decryption key.
“We’ve had quite a few cases where although the decryption key is legitimate, it hasn’t worked on all of the data.”
With attackers growing more sophisticated as they go, the cyber insurance market is going to continue to rapidly grow as more complex threats continue to develop.
Keeping on top of cyber risks
Arthur J Gallagher launches crisis resilience solution