Cohesity: Ransomware is cashing in on cyber insurance payouts 

Key Takeaways

The public cloud is inherently safer than on-premises datacenters, as Cloud Service Providers (CSPs) enhance global security for enterprise IT.

Despite the confidence in recovery plans, many organizations struggle with gaps in their cyber resiliency strategies, with over half lacking complete confidence in their capabilities.

Organizations are increasingly relying on cyber insurance and ransom payments as part of their recovery strategies, highlighting a critical gap in proactive cybersecurity measures and investment in skilled personnel.

The cloud is safer. Putting our networked compute resources into public cloud services is inherently safer than ‘plopping’ the whole IT estate into some notion of an on-premises company datacenter. In doing so, the Cloud Service Provider (CSP) hyperscalers have raised the security baseline for enterprise information technology as a whole.

But all is not Barbie-level sweetness and light. Cyber threats are still increasing, and network-level security protection fabrics and capabilities aren’t keeping pace. The inconvenient truth is that ransomware payouts are being met by cyber insurance – it’s almost as if the insurance layer itself is being treated as a tier of defense in answer to the threats.

What is cyber insurance?

Cyber insurance (also called cybersecurity insurance) is an insurance policy that provides financial protection against losses from cyberattacks, data breaches, and other cyber-related incidents.

TechTarget defines cybersecurity insurance as “a contract that an entity can purchase to help reduce the financial risks associated with doing business online.” The FTC calls cyber insurance “…one option that can help protect your business against losses from a cyber attack.” Nationwide gives further details, saying cyber insurance “…generally covers your businesses’ liability for a data breach involving sensitive customer information, such as Social Security numbers, credit card numbers, account numbers, driver’s license numbers and health records.”

A global study by data security and management company Cohesity suggests that, of the 3,400 IT and security decision-makers questioned, some 91% believe the threat of a ransomware attack has increased over the past year. A reality-checking 39% of respondents’ organizations have actually been a victim of this type of attack in the last six months.

We can’t keep up

The company says that cyber resiliency plans that enable organizations to anticipate, withstand, recover from and adapt to different types of attack aren’t keeping pace with rising threats. 

While over 85% of respondents’ organizations have a cyber resiliency strategy in place, only one in five (23%) have complete confidence in it, and over half (53%) say that it has gaps, could be improved, or that they have little confidence in it. 42% say their teams are stretched too thin, while over a third of respondents (38%) say their organization’s leadership is simply not aware of the importance of cyber resiliency, perhaps explaining why organizations are still failing to invest sufficiently in skilled people and solutions.

Some 70% of respondents believe that they currently lack enough skilled workers to respond effectively to a data breach or loss.

Prevention yes, but recovery also

“A cyber resiliency strategy that prioritizes the ability to recover from a cyber-attack is arguably more important than one that focuses solely on prevention,” said James Blake, CISO EMEA at Cohesity. “But all the time that companies try to pay their way out of trouble with ransoms, insurance or warranties is throwing money in the wrong direction as this won’t help them recover the data and processes that keep the organisation in business. The gaps aren’t in prevention or even in the workforce, the gaps that need bridging are in the c-suite taking the threats seriously and investing in tools to rapidly recover from attacks.”

Despite these concerns, 95% are confident they can recover data and critical business processes in the event of a data breach or loss, although 68% said it would be touch and go or that they have limited confidence. About a third (37%) cited a lack of coordination between IT and security teams as the biggest barrier to getting the organization back up and running; a similar number (31%) said that the lack of a recent clean and immutable copy of data would be their biggest hurdle. 52% of respondents believe they would recover data and business processes in under a week (1-6 days), and 3% believe they could do it in under 24 hours.

It’s a platform play

“IT and SecOps must co-own organisations’ cyber resilience outcomes to identify sensitive data and protect, detect, respond, and recover from cyberattacks,” said Brian Spanswick, CISO, Cohesity. “Relying on traditional backup and recovery systems, which lack modern data security capabilities, in today’s sophisticated cyber threat landscape is a recipe for disaster. Instead, organizations should seek out data security and management platforms that integrate with their existing cybersecurity solutions and provide visibility into their security posture and improve cyber resilience.” 

However, it appears from the research that organizations are prepared to pay to compensate for some of the gaps in their cyber resiliency. Of those surveyed, only 9% ruled out paying a ransom to recover their data after an attack. 29% would definitely pay and 62% would consider it depending on the severity of the attack and cost of ransom. 

Likewise, 80% believe that they would be covered by ransomware warranties, contrary to Cohesity’s own investigation of the terms and conditions of many such warranties. Similarly, 73% of those surveyed said their organization has cyber insurance, but, reflecting the industry’s challenges, almost half (48%) said it was harder to get insurance now than three years ago.