Gallagher offers tips on handling ransomware attacks

Gallagher offers tips on handling ransomware attacks | Insurance Business Australia

Ransomware attacks have become one of the most significant cyber threats in Australia since the COVID-19 pandemic began. In 2021, 80% of businesses globally experienced ransomware attacks. This year, 76% of global organisations expect to be successfully breached in the next 12 months.

In its latest blog, Gallagher identified business impacts and costs involved in a ransomware event:

  • Business interruption (usually the highest cost);
  • Investigation and notification;
  • Third-party liability claims; and
  • Rebuilding without ransom payment.

Gallagher said businesses that receive a ransom demand must consider several factors before taking the next step: whether they can restore data via backups, whether the sum might be negotiated or refused, and whether there are legal ramifications to paying the attacker. In some cases, threat actors might be affiliated with groups subject to sanctions that prohibit payment, for example groups with links to terrorists or human trafficking.

Gallagher advised businesses to improve their cybersecurity resilience because it is a crucial factor to consider when responding to the hackers: “Is your business data backed up so you're able to restore the lost information, for example? Do you have a business continuity plan?”

It also warned that ransom payment might expose the business to governance risks, noting increasing moves towards regulating ransom payments, especially if they are to criminal actors with links to sanctioned organisations. Therefore, when considering paying the ransom, businesses must take note of its broad implications, such as the legality of payment, reporting requirements, company directors' duties, regulatory risks and class actions, legislation impacts, insurance considerations, and reputational damage.

Having cyber insurance also helps in dealing with ransomware attacks because it provides expertise and support in a ransomware event, including access to experts in negotiation, forensic investigation, and remediation measures, as well as cover for the legal and reputational costs involved.

“Because responding to a ransomware attack – even without paying a ransom – can destroy a business financially, having insurance that covers the major demands involved is critical,” Gallagher said.