To pay the ransom or not?
Posted: Thu Jan 30, 2025 6:44 am
It’s no surprise that cyber insurance has become an increasingly popular choice for many organizations – with 24% growth expected to make it an $84.62 billion industry by 2030. However, as the number of businesses buying and requiring insurance has increased, its cost has also continued to rise, with premiums rising. Over the past three years. This isn’t the only change insurers have made to keep cybersecurity profitable: more meaningful risk assessments, introducing minimum security standards and reducing coverage have become common practice in recent years.
Cyber insurance has become a controversial topic recently, often boiling down to the qatar rcs data million-dollar question. Ransomware : To pay or not to pay? While many reject the idea that insurance companies are more likely to pay ransoms , a 2023 report on victims found that 77% of ransoms were paid through insurance. However, many insurance companies are trying to put an end to this situation. The same report found that for 21% of organizations, ransomware is now explicitly excluded from their policies. We also saw others explicitly exclude ransom payments from their policies: they will cover downtime and damage costs, but not extortion costs.
In my opinion, the latter approach is the best. Paying ransoms is not a good idea and is not what insurance should be used for. It is not just a question of morality and fueling crime, but of the fact that paying ransoms does not immediately solve the problem and often creates new problems. First, cybercriminals track which companies pay so that they can come back for another attack or share this information with other organizations.
Cyber insurance has become a controversial topic recently, often boiling down to the qatar rcs data million-dollar question. Ransomware : To pay or not to pay? While many reject the idea that insurance companies are more likely to pay ransoms , a 2023 report on victims found that 77% of ransoms were paid through insurance. However, many insurance companies are trying to put an end to this situation. The same report found that for 21% of organizations, ransomware is now explicitly excluded from their policies. We also saw others explicitly exclude ransom payments from their policies: they will cover downtime and damage costs, but not extortion costs.
In my opinion, the latter approach is the best. Paying ransoms is not a good idea and is not what insurance should be used for. It is not just a question of morality and fueling crime, but of the fact that paying ransoms does not immediately solve the problem and often creates new problems. First, cybercriminals track which companies pay so that they can come back for another attack or share this information with other organizations.