Cyber insurance remains a useful tool in the fight against ransomware, a new Marsh briefing argues.

That may seem like an obvious thing to say, but the briefing points out that some are increasingly viewing cyber insurance as creating a target on companies’ backs that can invite ransomware, or cyber extortion, attacks. On the contrary, Marsh said that the insurance is a proven tool to help fight ransomware and other cyber threats.

A ransomware attack involves a party coopting an entity’s computer systems and preventing their use until a fee is paid.

Marsh explained that ransomware victims aren’t typically targeted per se. Rather, attackers go after computer vulnerabilities that helps reel in as many victims as possible.

Other myths about cyber insurance and ransomware that Marsh is trying to dispel:

Ransomware doesn’t incentivize extortionists because ransomware demands aren’t typically that large, usually topping out in the five-figure range.

Paying a ransomware demand, while not ideal, often is necessary to minimize operational disruptions that a ransomware attack can cause.

Insurers do not decide whether to pay a ransomware extortionist. The insurance buyer makes that final call. If an insured decides not to pay the ransom, an insurer typically supports the resulting costs including network recovery costs. Customers are also typically reimbursed for lost income stem from the attack.

Marsh noted that cyber insurers have “reliably paid claims for ransomware, network interruptions, data breaches and related liability” for more than a decade.

Also, cyber insurance helps raise awareness about cyber risk prevention methods, the report noted.

Marsh’s full briefing is “Cyber Insurance is Supporting the Fight Against Ransomware.”

Source: Marsh