There’s been a flurry of security reports too.
In research sponsored by Arctic Wolf Networks, over 40% of US businesses had either no cyber insurance or limits of $1 million or less, which may not adequately cover the cost of the average cyber attack. The report highlights that some insurance companies faced mounting losses related to their cyber insurance policies and abandoned the sector. Others reduced coverage, increased premiums, or amended policies to include more stringent risk mitigation requirements.
Datto published its 2022 State of Ransomware report. Here are your highlights:
- About a fifth of the IT budget is dedicated to security, and many are seeing increased budgets. 47% of SMBs plan to invest in network security in the next year.
- 69% of SMBs currently have cyber insurance, and 34% of those without it will likely get it in the next year.
- Only 3 in 10 SMBs have a best-in-class recovery plan, with 52% claiming they have a standard recovery plan in place.
- Forty-two percent of SMBs with cyber insurance think it’s extremely likely that a ransomware attack will happen in the next year. Only 16% of SMBs without cyber insurance think the same.
And in potentially good news, blockchain research firm Chainalysis reports that since 2019, victim payment rates have fallen from 76 percent to just 41 percent. For context, that number was 50 percent in 2021 by their figures. the research firm’s data is estimate-only. There are cryptocurrency sites controlled by ransomware groups that have not yet been identified on the blockchain and folded into Chainalysis’ data.
This change can be attributed mainly to three things:
- The victims realize that paying the ransom does not guarantee they will get their files back and that the threat actors will delete the stolen files.
- The public perception of ransomware attacks has matured, and data leaks from these incidents tend to tarnish brand reputation.
- Organizations are following better backup strategies which are also required for ransomware coverage insurers, often giving them a way to restore their IT infrastructure in cases of attack.
There are complementary data from Coverware, too – they cite 76% of victims in 2019, down to 41% of victims in 2022.
Why do we care?
Less a security story and more an insurance one. The reporting implies that somewhere around 60-70% have insurance, yet the data also indicates that insurance is getting harder to qualify for and with fewer firms issuing policies. Organizations are also paying ransoms less, which is very encouraging news.
The optimist in me wants to believe the trend may be turning. Last week, the story was reported on how ransomware operators are shifting to extortion and focusing on leaked data. They’re adapting because payments are down. The reality appears to be the continuing maturation on both sides of the fight as the attacker and defender move to the next stage.
For providers, it’s a sign to refresh the offering, which fundamentally is the same concept yet defending against a new attack, and savvy implementers will be updating their customers on that new threat.