Like many business executives, Elliot Luchansky learned the hard way how devastating a cyber ransomware attack can be. Luchansky, who was CEO of a cloud-based hosting service called iNSYNQ, was victimized not once, not twice, but four times by cyber criminals who encrypted and froze all the company’s data and would only decrypt it for a hefty price. The pain inflicted by the attacks surfaces as he relates the tales.
“It’s identical to you as if a family member was held for ransom,” he says. “It’s nightmarish to watch everything you’ve built over years get absolutely destroyed over the course of a few weeks.”
Luchansky was so moved by the experience he founded a new company, Airiam, specializing in cybersecurity, ransomware protection, management, and response. Airiam also partners with insurance carriers to help lower ransomware premiums.
“They can offer more competitive rates comfortably when they know that we're the ones lined up to get called in for protection, detection, and response,” he says.
"An ‘Ostrich-approach’ is no longer viable in an era of hyper-aggressive ransomware attacks." — John Gunn, CEO of Token
The market for ransomware preparedness – and insurance – is ripe. A new study by BlackBerry and Corvus Insurance says a huge “cyber gap” exists, with a growing majority of businesses in North America either uninsured or underinsured against the rising wave of ransomware attacks and other cyber events.
The survey found:
• Only 19% of businesses surveyed have ransomware coverage limits above the median ransomware demand amount of $600,000.
• Among businesses with fewer than 1,500 employees, only 14% have a coverage limit in excess of $600,000.
• 37% of respondents with cyber insurance do not have any coverage for ransomware payment demands.
• 43% of those with a policy are not covered for auxiliary costs such as court fees or employee downtime.
• 34% of respondents have been previously denied cyber coverage by insurance providers because they didn’t have sufficient endpoint detection and response software.
Insurance is 'smartest place to start'
“The report underscores the fact that an ‘Ostrich-approach’ is no longer viable in an era of hyper-aggressive ransomware attacks,” said John Gunn, CEO of Token, a cyber software company in Monroe County, New York. “Every organization, and especially SMBs, are at increasing risk every day. Since most attacks start with compromised user credentials, insurance is the smartest place to start in establishing proper defenses.”
A recent Forrester report estimated that a typical data breach would cost the average organization $2.4 million for investigation and recovery. However, only 55% of survey respondents currently have cyber insurance — and less than 20% have coverage in excess of $600,000, which was the median ransomware demand amount in 2021.
A growing number of cybersecurity and business leaders recognize that cyber risk is business risk. The survey by BlackBerry and Corvus also revealed how cyber insurance, or a lack of it, impacts business practices:
Three in five respondents (60%) say they would reconsider entering into a partnership or agreement with another business or supplier if the organization did not have comprehensive cyber insurance. More than two-thirds (68%) of IT decision-makers are likely to reassess a partner or supplier agreement because of their cybersecurity practices.
A cyber insurance 'physical'
Along with these supply chain concerns, the new research reveals that cybersecurity practices, including successful technology implementation, are closely linked to an organization’s ability to keep cyber insurance — or get it in the first place. More companies are finding they have to undergo extensive security examination to satisfy an insurance carrier for coverage.
“Ultimately cyber insurance might require a business to undergo a ‘physical’ much like someone would do for a life insurance policy, to verify the current state of their cybersecurity posture and the corresponding insurance needed to protect their interest,” said Shawn Surber, VP of Solutions Architecture and Strategy for Tanium, an IT security and management company headquartered in Kirkland, Washington. “The ideal scenario would be for cyber insurers to be able to actively poll their customer networks to determine vulnerabilities as new threats are discovered to help ensure their environments are continuously protected.”
Airiam’s Luchansky said much more than just software is needed to thwart cyber criminals.
“We offer managed detection response, also known as SOC, or security operations center, which means that there are actually eyes on screens; cyber analysts that are watching your system, real time and looking for indications that something's not right.”
Luchansky said the war in Ukraine has temporarily slowed cyber attacks because the biggest offenders or organizations appear to be based in Russia and Ukraine. But he said the lull will likely be fleeting.
“It's still a constant threat,” he said. “And it's not hard to imagine that they’re going to come back and make up for lost time.”
Doug Bailey is a journalist and freelance writer who lives outside of Boston.