Providing Data Resilience Info to Insurers May Help Reduce Ransomware Cyber Insurance Rates

The latest highly publicized ransomware attacks are driving interest in cyber insurance to cover these incidents. Organizations are seeking to demonstrate they have systems in place that provide data resilience as a way of reducing these costs.

Panzura has recently experienced intensified demand from firms looking to better understand their cyber insurance options, according to Glen Shok, vice president of strategic alliances. The company provides secure global file-system solutions for managing, accessing and storing unstructured data in large organizations.

Before sitting down with insurers to review their security practices and coverage options, Shok advises these organizations to prepare a comprehensive risk assessment. “Insurers want both prevention and recovery controls in place, including an analysis of the value and nature of insured data. This has the potential to reduce risk for the business and insurer alike, and result in lower premiums,” said Shok.

He suggests they talk to their technology partners and software vendors to obtain a Statement of Ransomware Resilience (SoRR). This is an example of the type of documentation that may be considered by insurers when companies try to negotiate direct written premium and standalone policies. Panzura offers these statements to customers and works with them when they request other information for insurance purposes.

Cyber insurance prices are driven by the need for risk management and the growing incidence of network intrusions, data theft and ransomware exploits. Fitch Ratings reports that direct cyber insurance premiums increased by over 22% in 2020 to approximately $2.7 billion.

Shok said insurers have responded to the ransomware crisis in various ways including limits on claims payments and tying payments to policyholders’ actions. Some insurers assess whether data has been backed up sufficiently to resume operations within a reasonable period of time, without the payment of a ransom.

“Insurance policies may contain requirements to proactively shield networks and data from infection by deploying solutions for prevention, protection and recovery. We want our customers to understand the benefits of getting the right information to insurers as they look to secure better terms or modulate rate increases,” remarked Shok.

Hard market pricing is being used by insurers to offset claims, along with tightened terms and conditions, and more stringent risk selection. Brokers are trying to get more and better information from their clients to underwriters, in order to secure better terms.

Panzura’s CloudFS is a global file system that is inherently resilient to ransomware and other malware threats through data immutability. Organizations that use CloudFS to manage, store and access their unstructured data are less likely to need to pay a ransom to regain access to data held in the Panzura file system, even if subjected to an attack. Data stored by CloudFS cannot be encrypted because the system maintains an unalterable, clean data set.

More than 80% of all data at large organizations is unstructured. It is more difficult to store, analyze and access than other types of data. This includes sensitive and highly regulated healthcare and financial data, and petabyte-size enterprise files.