How Canadian and US businesses handle ransomware demands - report

How Canadian and US businesses handle ransomware demands - report | Insurance Business Canada

How Canadian and US businesses handle ransomware demands - report

A new report jointly produced by BlackBerry Limited and Corvus Insurance assessed the way US and Canadian businesses handled ransomware demands, finding that many hope their respective governments can help cover some – if not all – of the ransom amounts.

Some 450 business decision makers for IT/security solutions in both the US and Canada were surveyed for the “BlackBerry Cyber Insurance Coverage.” It was found that only 19% had ransomware coverage limits above US$600,000 – a cause for concern, the report noted, citing a recent Forrester report which estimated that a typical data breach would cost the average organization US$2.4 million to investigate and recover.

Of the 450 participants, over half – 59% – indicated that they hoped their government would cover damages when future ransomware attacks are linked or sponsored by other nation-states.

The figures do not look any better when viewed in terms of small-to-medium businesses (SMB), which are popular targets for cybercriminals. Among the surveyed businesses with under 1,500 employees, only 14% have a coverage limit in excess of US$600,000. It was also found that 50% of SMBs said that they hope their governments would increase financial aid in all ransomware incidents.

Many of the surveyed businesses also reported that their cyber insurance coverages are not adequate. Some 37% of respondents are not covered for any ransomware payment demands, while 43% are not covered for auxiliary costs such as court fees or employee downtime.

"Not only are there more ransomware threats than ever, but the criminals are more ruthless,” said BlackBerry executive vice president and chief technical officer Shishir Singh. “They will iterate threats and wait patiently in order to extract maximum damage.”

Singh added that the cybercriminal underground is increasingly sharing learnings and partnering among themselves to make their threats as efficient as possible.

“It's vital businesses strengthen their security posture against these threats by supplementing insurance with a prevention-first software approach that lowers their overall risk."

It was also noted by the report that cyber insurance has become a lot more difficult for businesses to secure, due to increased software requirements by insurance brokers. A good 34% of respondents said that they were denied coverage for not meeting specific Endpoint Detection and Response (EDR) software requirements.

"Though it might sound counterintuitive, continuing to adhere to software requirements is one of the best ways to fight the ransomware industry," advised Corvus Insurance chief technical officer Vincent Weafer. "In our portfolio alone, we've seen a 50%reduction in the ratio of ransom demands that end up being paid. Better software adoption is a critical element in better positioning organizations to stand up to attackers."

Read more: Ransomware attacks ease after peaks in early 2021 – report

These findings come after a previous report from Corvus Insurance found that ransomware attacks have begun to ease at the tail end of 2021. That report concluded that the lower cost and severity of ransomware claims in Q4 2021 were being driven by underwriting entities requiring more robust security features from clients before any coverage can be offered.