For these and other reasons, organizations are increasingly opting for cyber insurance coverage and paying higher premiums year after year. According to the U.S. Government Accountability Office, the number of companies opting for cybersecurity coverage grew from 26% in 2016 to 47% in 2020, and most saw breach insurance premiums increase by up to 30%.

Given the clear financial stakes, it is time security leaders understand the risks before adding cyber insurance to their strategy for ransomware prevention and recovery.

Successful breaches breed more attacks

Ransomware typically enters a company via a phishing attack or a compromise of a vulnerable system deployed on a network’s perimeter. From there, the infection proliferates via exploits or open shares, encrypting important data as it jumps from machine to machine, after which cyber criminals withhold the encryption key and threaten to publish sensitive data unless a ransom is paid.

The attackers, many of whom are part of sophisticated and organized groups, often provide a step-by-step guide for the targeted company to transfer ransoms in cryptocurrency, sometimes in the hundreds of thousands or millions of dollars. Sadly, when faced with costly downtime and/or the downstream effects of having sensitive data made public, many companies end up complying with the attackers’ demands. Paying the ransom, in turn, incentivizes more attacks, perpetuating the cycle of crime.

It’s important to note that cybersecurity insurance is also incentivizing attacks rather than serving as protection for the rarest of breaches. While U.S. law enforcement has typically urged companies not to pay the ransom, it has yet to decide to ban such payments altogether (though the US Department of the Treasury’s Office of Foreign Assets Control regulations prohibit U.S. companies from paying up if they suspect the attackers of being under its cyber-related sanctions program).