RALEIGH, N.C. (WNCN) — As the price of ransomware protection sky rockets, some organizations are finding they’re even being denied renewal of insurance policies.
If your personal data is lost in a ransomware attack on an educational institution or municipality, you may be affected on another level too.
Not counting hardware replacement and downtime, the cost of ransomware attacks is escalating.
“We typically see for organizations, even small ones, most often it’s in the seven-figure range at the very least,” said Steve Cobb, the Chief Information Security Officer of One Source.
A recent survey found 80 percent of organizations hit by ransomware opt to pay.
In 2021, ransomware globally generated $20 billion for those committing the crime, but that’s an underreported figure.
“A lot of organizations won’t report ransomware incidents because of the reputational damage that comes with it,” said Cobb.
Getting ransomware insurance is now costly because too many organizations aren’t securing their systems properly.
“Not only are premiums going up, but they will not reissue a policy if organizations haven’t met basic cybersecurity hygiene requirements,” said Cobb.
Among those insurance requirements,
organizations must use:
- multi-factor authentication
- end point protection
- having a managed security advisor
Many ransomware attackers also take your personal data during the attack to use it in another way to compromise your identity or worse.
“A lot of companies think paying that ransom stops a threat actor from publishing that data, but it’s not always the case,” said Cobb.
Experts say it takes between 30 and 60 days to recover from a ransomware attack, with some larger global companies finding it could take 6-8 months.
Although the bad guys like to get big payoffs by hitting large targets, they also like to go after individuals.
If they hit enough individuals, the cumulative payday can be in the tens of thousands of dollars, it just takes the bad actors longer to accumulate it.