Is it worth taking out cyber insurance against ransomware attacks? Miguel Ángel Martos, Sales Director, Zscaler Iberia and Italy, gives us some clues about this situation.

Ransomware today represents the bulk of the threats that companies have to face. The increase in the number and variety of attack tools (from the ransomware itself to the entire ecosystem of auxiliary tools used, for example, to break into RDP access), together with their growing sophistication, makes the lives of CSOs extremely difficult.

One of the tools that companies are beginning to use to face the threat of ransomware is to take out cyber insurance. Cyber insurance, or cyber risk insurance, is a star product in the portfolio of many insurers, but while many of the most advanced companies see insurance as an additional “safety net” to amortize the cost of responding to incidents, for many others this insurance trend does nothing more than reflect their lack of preparation and the belief that insurance is going to be the universal panacea.

This reflects a lack of preparation and a lack of understanding of the severity of an attack, which will have significant repercussions on company activity for weeks and sometimes even months. Also, paying a ransom only encourages attackers to repeat it, more frequently, and to improve it.

What is more important, being «well prepared» or «well insured»?

Lack of preparation can take many forms, the most important being the absence of operational and proven backups for business-critical data, or the reliance on online backups, which can also be accessed directly at the time of the attack and which, of course, will also be encrypted and rendered useless as part of the criminal activity.

The situation is complicated by employees wanting to access their information as quickly and easily as possible. That is why SaaS applications and online data storage have become commonplace in the IT landscape of companies.

Perhaps it is time to rethink this approach, to ensure that all data is backed up offline as part of a multi-layered defensive strategy, which is the only way to combat ransomware attacks. After all, ransomware attacks are ultimately an attack on the availability of backups. By backing up critical data regularly and offline, IT teams can significantly reduce the impact of a ransomware attack.

Another critical element in this type of attack is having an effective incident response plan. And for this it is not necessary to reinvent the wheel: there are security frameworks derived from the experience of the community, which allow well-constructed response plans to be applied.

However, despite the existence of these frameworks that help guide security practices, and despite the evidence of the danger that ransom demands represent for the very existence of companies, many companies still do not have such an incident response plan.

This may explain why, in some corporate cultures, cybersecurity is not the responsibility of the steering committee. It is not uncommon to hear that «there is always something more important to do», and these issues are relegated. Unfortunately, for these companies, priorities only change after a devastating ransomware attack.

Less selective and more frequent attacks

And because these attacks are less and less selective and more opportunistic, owing to their enormous success, the risk of having to face one is more than likely.

The company’s board of directors must realize, before it is too late, how dangerous these attacks can be. Without an adequate security plan, a company that falls victim to a ransomware attack can go under or even disappear, and this can happen even when it is not the main target of the attack, for example as a collateral victim of malware spreading from a partner company.

The management of the company has to be aware of the responsibility they have to be better prepared for the future, and understand that a ransomware attack will inevitably affect them sooner or later. And those who refuse to prepare become the weakest link, risking their company’s data and potentially its survival.

Returning to cyber insurance, it is an illusion to think that this tool will solve or compensate for the company's lack of preparation. Of course, each insurer will have to require companies to take the appropriate steps to protect themselves in the first instance. And this requires making sure (sorry for the pun) that there is a true incident response plan in place (detection and prevention capabilities), and that vital data can be retrieved from an offline backup system.

And only in that case will the insurance company be able to cover the many expenses of responding to an incident.