Time and again, companies painfully experience the serious impact of a cyber attack. At the beginning of July, hackers cracked the checkout system of the Swedish supermarket giant Coop, interrupting operations until further notice. In the same month, attackers blocked the server of the Anhalt-Bitterfeld district in Saxony-Anhalt, whereupon the district had to declare the first cyber disaster in German history. In short, the ransomware and digital extortion business is flourishing.

The attackers' strategy is not new and quite simple: after data or systems have been compromised, the hackers demand a ransom for their release. In the first quarter of 2021, the average ransom paid by a company was around USD 220,000, a significant increase compared to the previous quarter. Just recently, the US company Kaseya became the target of the highest ransom demand known to date: initially, the attackers demanded USD 70 million in Monero or Bitcoin. Later, they reduced their demand to 50 million, still a sad record.

More attacks, higher demands: Cyber insurance at a crossroads

In view of the serious increase in cyber attacks and the rising ransom demands, the demand for cyber insurance is also growing. Policies often cover not only ransom payments, but also recovery costs and consequential damages due to business interruption. Hackers already factor this in and usually assume that the insurance company will consider a ransom payment to be the most favourable solution. But now insurers and reinsurers are reacting: in the U.S. and Canada, cyber insurance premiums increased by around 30 percent in the first quarter of 2021 alone. At the same time, many insurers are significantly limiting coverage in the event of a claim. AXA Insurance, for example, announced back in May that future policies would exclude ransomware payments from coverage. But what does this mean for companies? And how can they protect themselves from rising costs?

Prevention: Training and awareness programs create security

Current developments are putting the cybercriminals' business model to the test. If no ransom is paid, the foundation of that business disappears. At the same time, companies must ask themselves whether the shrinking coverage of cyber insurance can continue to justify the high premiums. It therefore seems inevitable that both insurers and companies will have to pay increased attention to effective prevention. An effective cyber security concept includes not only appropriate technical measures, but also professional training and awareness measures. In the future, companies with a solid and verifiable training concept could therefore benefit from premium reductions or other special conditions. In any case, they reduce the risk of falling victim to a successful cyber attack and can thus protect themselves not only from high ransom demands, but also from consequential operational damage and loss of reputation. Security-Island supports you in providing your employees and managers with comprehensive training on cyber security and offers professional e-learning solutions with proof of success.