In the current digital landscape, ransomware is at the forefront of every conversation, given its potential for severe losses and its consistent increase in frequency. Jerry Caponera, the General Manager of Risk Products at ThreatConnect, is joined by Yousef Ghazi-Tabatabai, Director, Risk at PwC, to highlight how ransomware attacks have been escalating in severity over the past couple of years, prompting major organizations to redefine their security strategies.
As ransomware continues to evolve as a major issue, organizations are swiftly responding to the challenge and stepping up their preventative measures. The rise of ransomware also has a consequential effect on cyber insurance.
Yousef believes that several organizations have sustained hefty losses due to ransomware, resulting in substantial payouts from insurers. This scenario leads insurers to reassess the pricing structure of insurance contracts while reconsidering the minimum requirements before underwriting a policy. Consequently, insured organizations are also forced to reconsider how they handle the financial risk linked to potential ransom incidents.
The call to action for companies is to develop a better understanding of the risks they face. Often, companies are advised to assess their exposure, especially in relation to insurance. Given the increase in frequency and severity of attacks coupled with the changing pricing of cyber insurance, companies are likely to encounter higher costs.
Yousef adds that the primary consideration is understanding the potential financial implications of a ransomware attack on an organization and comparing that to the potential insurance payout in such a scenario. Understanding which controls need upgrading to cover the widening gap, and evaluating the cost of these controls against the cost of increased insurance coverage, are both part of risk management. To effectively present this to a company’s board, all these factors need to be framed collectively – and that’s where risk quantification steps in.
In addition, identifying the assets and business processes that are most at risk from ransomware is crucial to understanding and mitigating potential losses. A two-stage process is often recommended: an initial analysis followed by an in-depth review focusing on areas of greater vulnerability.
Through the discussion, it’s clear that the rising tide of ransomware attacks has put businesses on the defensive. In this cybersecurity battle, knowledge and proactive stances are key weapons, while cyber insurance takes its place as an important ally.