Ransomware, other security threats reveal insurance ‘cyber gap’

Like many business executives, Elliot Luchansky learned the hard way how devastating cyber ransomware attacks can be. Luchansky, who was the CEO of a cloud-based hosting service called iNSYNQ, was victimized not once, not twice, but four times by cybercriminals who encrypted and disabled all of the company’s data and stopped it at a high price. The pain caused by the attack is evident as he tells the story.

He said: “It is the same for you as if your relative is being held for ransom.” “It’s frustrating to see anything you’ve built over the years be destroyed in a matter of weeks.”

Luchansky was so impressed by his experience that he founded a new company, Airiam, which specializes in cybersecurity, ransomware protection, management, and response. Airiam also works with insurance carriers to help reduce ransomware costs.

“They’re able to offer more competitive pricing when they know we’re the ones lining up to be called for protection, recognition, and accountability,” he says.

“The ‘ostrich’ approach no longer works in the era of deadly ransomware attacks.”
– John Gunn, CEO of Token

The market for ransomware preparedness – and insurance – has matured. A new study by Blackberry and Corvus Insurance says there is a significant “cyber gap”, where many North American businesses are underinsured or underinsured against the rise of cyber threats and other cyber incidents.

The study found:

• Only 19 percent of businesses surveyed have a threshold for ransomware that exceeds the median demand of $600,000.
• Among businesses with fewer than 1,500 employees, only 14% have a gross margin of more than $600,000.
• 37% of respondents who have cyber insurance do not have any payment method.
• 43% of policyholders are not covered for benefits such as court fees or vacation time.
• 34% of respondents have previously been rejected by online insurers because they did not have adequate awareness programs and solutions.

Insurance is the ‘smartest place to start’

“This report underscores the fact that the ‘ostrich approach’ no longer works in an era of highly destructive threats,” said John Gunn, CEO of Token, a cyber software company in Monroe County, New York. “Any organization, especially SMBs, is at increased risk every day. Since most threats start with user information, insurance is the smartest place to start to implement the right protection.”

A recent Forrester report estimated that a data breach could cost an estimated $2.4 million in research and recovery. However, only 55% of those surveyed currently have cyber insurance – and less than 20% have more than $600,000, which was the median amount required for a claim in 2021.

An increasing number of cybersecurity and business leaders recognize that cyber risk is a business risk. Research by BlackBerry and Corvus also revealed how cyber insurance, or the lack thereof, affects business practices:

Three in five respondents (60%) said they would reconsider forming a partnership or partnership with another business or vendor if the organization did not have adequate cyber insurance. More than two-thirds (68%) of IT decision makers are likely to reevaluate their contract or service provider because of their cybersecurity practices.

Cyber ​​’physical’ insurance

Along with these kinds of concerns, new research shows that cybersecurity practices, including the effective use of technology, are closely related to an organization’s ability to maintain cyber insurance — or get it in the first place. More and more companies are finding that they need to be tested more in order to achieve insurance coverage.

“At the end of the day cyber insurance may require a business to have a ‘body’ like a person would for life insurance, proving their cybersecurity posture and the corresponding insurance needed to protect their interest,” said Shawn Surber, VP. of Solutions Architecture and Strategy, for Tanium, an IT security company based in Kirkland, Washington. “The good news is that cyber insurers will be able to proactively monitor their customers to identify what is at risk as new threats are discovered to help ensure their environment is continuously protected.”

Airiam’s Luchansky said more than software is needed to thwart cybercriminals.

“We offer control solutions, also known as SOC, or security center, which means there are eyes on the screen; cyber experts who are watching your system, in real time and looking for signs that something is wrong.”

Luchansky said the war in Ukraine has temporarily reduced cyber attacks because the main perpetrators or organizations appear to be based in Russia and Ukraine. But he also said that the madness would be temporary.

He said: “It’s still a constant threat.” “And it’s not hard to imagine they’ll be back to make up for lost time.”

Doug Bailey is a journalist and freelance writer based outside of Boston. He can be reached at [email protected].

© All contents 2022 by InsuranceNewsNet.com Inc. All rights reserved. No part of this article may be reproduced without written permission from InsuranceNewsNet.com.