How Cyber ​​Insurance ​​​​​​​​​​​is Changing Amidst the Ransomware Tsunami – An Analysis of Virtualization


How Cyber ​​Insurance ​​​​​​​​​is Changing Amidst the Ransomware Tsunami

With the recent rise in ransomware attacks has come low payouts from insurance companies, so they are breaking laws and regulations to reduce their exposure.

“Remember, a lot of what we talked about in terms of cyber security and cyber insurance right now is 100 percent different from five or six years ago,” said IT expert John O’Neill Sr. provided by Virtualization & Cloud Reviewtitled “Modern Hybrid Cloud Data Backup & Recovery,” is now available to watch on demand.

O’Neill Sr., a technology specialist at AWS Solutions, was presenting with his partner Dave Kawula, managing director of consulting at TriCon Elite Consulting.

Hardware rotation
One of the online insurers’ moves was to detail how the pair responded to a member’s question about whether a five-year hardware replacement plan still made sense for small businesses.

“A lot of cyber insurance policies have riders now that if you put in a backup device, you could be in violation of your policy.”

My Davemanaging consultant, TriCon Elite Consulting

“I think one of the biggest things – and you know, John, I want you to talk about this – is that a lot of online insurers have riders now that if you can- help, you can break your rules,” Kawula said. “So if your hardware gives you a 60-month, five-year warranty, and that’s it, then you can be in your loop.”

O’Neill Sr., the cyber insurance expert between the two, responded: “Dave, you know, I spend a lot of time working on cyber insurance, mostly to understand how it’s changing and what it’s doing. Because at the end of the day, I want people to have an insurance that will pay them when they want to pay, not a policy that gives them warmth and understanding [feeling] that ‘Well, I have insurance, it will be there.’ Because as you said, there’s a lot of new things that are well-publicized, if you will — high–registration requirements, these kinds of things, that when you have an event, and they do legal investigations, if there’s any of this. After confirmation, you said, ‘Yes, I don’t have any unsupported equipment,’ and you do, they use it without paying. And you can protest, you can stomp your feet, but you’re still out all that money and everything. So it’s bad.

Advanced Checklist
[Click on image for larger view.] Advanced Checklist

“And they’re getting stiffer and stiffer on the need for your software and hardware, the manufacturer to support it. So all the companies that call you and say, ‘Hey, you know, we know that Dell stopped supporting this model, but we’ll take care of supporting it for you and everything else, and that will be fine with your insurance company.’ This is not true. I have analyzed a lot about this. And the reason the insurance carriers do not accept this is because they have confirmed that no one but the manufacturer can handle the safety repair. it seems, so whether it’s in the original firmware, whether it’s in, you know, UEFI, or in your NIC firmware, whatever it may be, only the manufacturers are trusted to fix this. this is a story.

So my suggestion is that you verify the life of this product – this device that you are going to buy – directly with the seller, extend your warranty as much as possible, and consider other options. Because a lot of people – especially right now, right – people are starting to get a little scared of some of the money that they can make right now and things like that and finances. So consider other options, such as cloud backups, solutions, or those types. ”

How Often Do Victims Pay?
O’Neill Sr. he also answered the question of how often organizations should pay ransom.

“So, in preparation for the upcoming negotiations, I have spent the last few weeks reviewing information from many insurance carriers on this particular question,” O’Neill Sr. replied. “And as it appears now, it’s about a 50/50 split. So what that means is that out of the claims they made they were analyzing about 50 percent of the claims that involve paying some level of ransom or compensation to the defendant.

“Now, in the other 50 percent, don’t just think that’s because those people had a good DR system. And they were able to stop the attacker and get everything back without paying a ransom. There’s a number that represents the people. And I couldn’t, I mean, not that they didn’t have a wallet, or they had no money, but that the attacker was on a terrorist watch list. or something like that, where the government prevents them from being paid.”

A recent report on ransomware also provides payment details, finding that many victimized organizations paid the ransom and got their data back, but almost as many got their data back without paying a ransom or paid a ransom and still didn’t get their data back.

Did You Pay a Ransom?
[Click on image for larger view.] Did You Pay a Ransom? (source: Veeam).

The report also detailed how the ransom was paid.

How Was the Ransom Paid?
[Click on image for larger view.] How Was the Ransom Paid? (source: Veeam).

However, a recent report revealed the incentive to pay.

Great Paying Incentives
[Click on image for larger view.] Great Paying Incentives (source: Cybereason).

Refunds, Not Direct Payments
The issue of how insurance carriers pay for ransomware — if you’ve dotted all your I’s and crossed all your T’s so they’re forced to — came up again.

“The cyber insurance broker doesn’t cover the cost,” Kawula said. “They don’t just have a slush bag sitting there and say, ‘Hey, listen, yeah, we’ll pay 30 grand.’ No, this client has to come up with this. And it’s a way to pay back. So in terms of what you have to pay, John, there are situations where, let’s say you get caught, and you have to pay — which a lot of clients have, it’s a big ransomware business — how do you pay? about that?”

Answer: “Well, you have to have some kind of way, whether it’s a loan, or something, that you can pay. And to explain it, I’ll give you a little background. Insurance, there are several different areas to it, and what you’re most worried about and that’s what pays the ransom. So there’s a part that pays for the loss of business, right? , whatever it is, you’re losing it, because you’re down – you have to stop – and you can’t pay your employees, you can’t pay your vendors, you know, who have So that’s insurance Yours usually has a business loss component.

“Now, in practice, these things are very simple. So you have a fire, they know where the fire started, they know what caused it, they can predict the recovery quickly and accurately and start receiving payments. In the past it was not so difficult and everyone felt safe. But the only reason it was not difficult because The insurance companies didn’t understand, like they do now.

“So now they understand a lot. And so they will do a lot of legal research before they give anything.”

John O’Neill Sr.chief technology officer, AWS Solutions