Triskele Labs Blog

Cyber insurance: 101

Written by Nick Morgan | Oct 6, 2021 7:12:37 PM

Watch the full Cybeers episode here

Having cyber insurance in place is really important, but it’s equally important not to rely on it too much.

The way it generally works is when a business suffers a ransomware attack, the threat actor locks your network and demands a ransom, generally to be paid in cryptocurrency, in return for the keys to unlock your network. Your business pays the ransom then claims it on cyber insurance.

However, like any insurance there are some key steps you need to take to make sure you get the maximum payout from your cyber insurer.

The first is making sure that you maintain a strong security posture. If you suffer an attack and your insurer concludes that you haven’t taken appropriate steps to protect your business from cyber-attack, that can affect the level of payout you might receive.

One thing we hear over and over again is the now outdated argument: “we’re not a bank, we don’t need bank-level security”.

Wrong.

Recent attacks on JBS (a meat processor) and EA Sports (a computer game maker) prove that malicious threat actors are willing to take on other big businesses and milk them for whatever they can.

In the past, some businesses have opted not to invest heavily in cybersecurity, and instead try to skirt the ransomware by re-loading their data from a backup and moving on.

In response, the threat actors have smartened-up and instead of just locking your systems now, they’re stealing all your data first. So if you opt not to pay the ransom, they’ll post all your business’ data online, exposing your customers’ private details, and potentially your IP to the world.

Sometimes they even give you a nifty little countdown clock of when that’s going to happen, which is nice of them.

The other tip for ensuring you get maximum payout from your cyber insurer is ensuring you notify them as soon as you suspect you’ve been compromised.

We’ve done incident responses where the organisation has been paid-out the total amount of the ransom because they notified the insurer immediately, sometimes while we were still on the initial incident call.

But we’ve had others that have only received a 43% payout because they waited until a couple of days after the initial compromise to notify their insurer.

So, the insurers want to know immediately and there’s no point in waiting to notify them as you’ll only diminish your own payout.

The take-away is that cyber insurance is really important, but even with it in place, you have to make sure your cybersecurity is up to scratch to ensure you protect your business as much as possible, and maximise your insurance payout if you are attacked.