Ransomware and cybersecurity insurance: how to protect your data

From the Colonial Pipeline to the world’s largest meat company, high-profile ransomware attacks continue to make headlines. 

Such attention-grabbing cases, however, are just the tip of the ransomware iceberg. These malicious intrusions occur at all levels. According to the data security company BlackFog, cybercriminals attack businesses every 11 seconds. That’s seconds. Not hours. Not minutes. Ransomware hackers are slated to rake in more than $21 billion in 2021, with cyber attacks causing some $6 trillion in damages. 

From breweries and bike shops, to hospital systems and government agencies, it seems no one is immune. But there are ways to secure your company, your clients and your valuable data.

What is ransomware?

Ransomware is a type of malicious software or malware. Hackers gain access to a vulnerable company’s systems, then use ransomware to encrypt the victim’s data and files. That means spreadsheets, banking and accounting information, and all the sensitive data a business keeps on employees and clients — it’s effectively stolen and held for ransom. 

To regain access to these files, a company is forced to pay the extortion in order to receive a decryption key. The average ransomware demand shot up by 43% to $220,298 in the first quarter of 2021 according to CyberScoop. The median ransomware payment also rose, from $49,450 in 2020 to $78,398 in 2021, a 58% jump.

What types of ransomware are out there?

There are two general types of ransomware: locker ransomware and crypto ransomware. 

What’s locker ransomware? As its name implies, locker ransomware locks users out of their computers. The program typically displays a message that makes it seem like it’s been put in place by an official agency, such as the FBI. The message instructs users to pay a “fine” in untraceable cryptocurrency such as Bitcoin to regain access to their systems. Reveton, which first appeared in 2012, is a common type of locker ransomware, according to eSecurity Planet.

What’s crypto ransomware? The most common and prevalent form of ransomware, crypto ransomware infects a company’s system and encrypts dozens of types of files, rendering them inaccessible. Hackers who use crypto ransomware force their victims to pay, often thousands and thousands of dollars, to receive a key that will decrypt their information. 

With both locker and crypto ransomware, hackers demand payment by a specific deadline. If the deadline is missed, the criminals threaten to delete users’ data, making it unrecoverable.

Who uses ransomware?

While ransomware was once wielded by basement hackers, these illegal schemes have proven so lucrative — to the tune of that aforementioned $21 billion and counting — that ransomware criminals have gotten much, much more sophisticated. To put it simply: The ransomware economy is booming. 

Tetra Defense estimates some 45,000 ransomware products are being sold by more than 6,300 dark-web suppliers. This black-market malware ranges in price from 50 cents to $3,000, with the median cost at a mere $10.50. According to research from Carbon Black, the profit margins for ransomware hackers are 75% at minimum, a number that would make any business owner ecstatic. 

Powered by serious money, ransomware attackers have become unusually, shall we say, “helpful.”

“One of the most shocking factors within the ransomware ‘business’ is, for lack of a better term, the customer service mentality in place,” Tetra Defense wrote. “Negotiating ransom amounts and obtaining decryptors follows the same model as a customer service help desk — upon emailing the address given in the ransom notice, ‘customer service’ reps walk you through the process.”

What happens after a ransomware attack?

While these cybercriminals may be “helpful” when it comes to collecting their extortion money, they do not care about the downtime and financial losses their attacks have on real people. 

The average downtime an organization faces after a ransomware attack has grown to 23 days as of early 2021 according to CyberScoop. The research firm Gartner estimates the average cost of IT downtime at $5,600 per minute, with 98% of organizations reporting at least $100,000 in losses for a single hour of IT downtime. That means, for the average organization, a ransomware attack can cost upwards of $60 million in lost productivity, whether or not the company pays the ransom. 

Even if a company chooses to pay the ransom, there is no guarantee the cybercriminals will decrypt all of its files. According to a report from the CyberEdge Group, only 19% of companies that paid ransomware criminals had their data and working environments fully restored.

But I have an IT company, my system is safe from ransomware attacks — right?

Not necessarily. 

Not all IT companies offer comprehensive cybersecurity packages. And not all clients choose to pay the extra money it takes to protect their systems. According to the data security company Varonis, the vast majority of businesses “have unprotected data and poor cybersecurity practices in place, making them vulnerable to data loss.” Varonis estimates a mere 5% of organizations are properly securing their networks. 

That said, 68% of business leaders believe their systems are at risk, and 88% of organizations worldwide experienced spear phishing attempts in 2019. It’s like the homeowner who waits to buy a burglar alarm until after they’ve been robbed. The threat is real, yet businesses aren’t always willing to pay to protect themselves from it.

I’m a small business, why should I worry about a ransomware attack?

More than 70% of the ransomware attacks in 2018 were against small businesses, according to Tech Times. Why? They’re viewed as easy targets that have access to valuable, unsecured data.

A business may be “small,” but cybercriminals’ ransom demands against it have been anything but. The average ransom for small businesses is more than $100,000, an amount that can put a tremendous strain on an independent company.

How can my IT provider help protect me from ransomware attacks?

As ransomware thieves have grown more sophisticated, they’re exploiting any and all entry points they can. An experienced IT company with strong cybersecurity acumen can identify a business’s weaknesses by asking questions such as these: 

  • How much of your data is in someone else's database? If a vendor’s system is breached and that vendor has access to your data, that means your system has also been compromised. A good IT provider knows where your data is and how it’s being protected across platforms. They will also have systems in place to protect your information, should a breach occur from a secondary source.

  • Is your data backed up regularly? Your IT provider needs to test your backups to make sure they’re taking place completely and as scheduled. Having your data backed up and ready to be restored is the easiest way to avoid costly downtime. 

  • Does your staff know how to identify and avoid ransomware attacks? Employees remain the most common entry point for ransomware. Can your staff recognize phishing emails? Do they know which extensions and files to avoid downloading? A trusted IT provider can help bolster your staff’s cybersecurity knowledge with consistent training.

  • Is your IT provider securing its own data? IT companies have become a popular target of ransomware thieves. By infiltrating a single IT provider, cybercriminals gain access to a gateway allowing them entry to dozens and dozens of other organizations. While no system is 100% immune to ransomware attacks, a trusted and diligent IT provider will be constantly monitoring its systems for threats. This proactive scanning may not be a cure-all, but it allows threats to be identified early and remediated quickly before they wreak serious havoc.
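The second question above, whether backups are actually completing on schedule and are intact enough to restore, is the one most easily turned into an automated check. The script below is an added example written for this page; it is not code from the original article or from any IT provider it names. It assumes a simple constructed manifest format (a JSON file of SHA-256 hashes plus a completion timestamp) that a backup job would emit, and a nightly schedule with a 26-hour staleness limit; both are illustrative assumptions, not a real product's format.

```python
"""Verify that scheduled backups actually completed and are restorable.

Added example, not from the original article: the manifest format, file
names and schedule values below are constructed assumptions.
"""
import hashlib
import json
import os
import tempfile
from datetime import datetime, timedelta, timezone

# Assumed nightly schedule plus slack: anything older than this is "stale".
MAX_BACKUP_AGE = timedelta(hours=26)


def sha256_of(path):
    """Stream a file through SHA-256 so large backup sets don't need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def write_manifest(backup_dir, manifest_path, completed_at):
    """Record a hash for every file in the backup set (what the backup job should emit)."""
    files = {}
    for root, _, names in os.walk(backup_dir):
        for name in names:
            full = os.path.join(root, name)
            files[os.path.relpath(full, backup_dir)] = sha256_of(full)
    manifest = {"completed_at": completed_at.isoformat(), "files": files}
    with open(manifest_path, "w") as f:
        json.dump(manifest, f)
    return manifest


def verify_backup(backup_dir, manifest_path, now=None, max_age=MAX_BACKUP_AGE):
    """Return findings: whether the backup is stale, and which files are missing or corrupted."""
    now = now or datetime.now(timezone.utc)
    with open(manifest_path) as f:
        manifest = json.load(f)
    completed_at = datetime.fromisoformat(manifest["completed_at"])
    findings = {"stale": now - completed_at > max_age, "missing": [], "corrupted": []}
    for rel, expected in sorted(manifest["files"].items()):
        full = os.path.join(backup_dir, rel)
        if not os.path.exists(full):
            findings["missing"].append(rel)
        elif sha256_of(full) != expected:
            findings["corrupted"].append(rel)
    findings["ok"] = not (findings["stale"] or findings["missing"] or findings["corrupted"])
    return findings


def demo():
    """Constructed scenario: a good backup, then one file corrupted, one deleted, and a late check."""
    with tempfile.TemporaryDirectory() as tmp:
        backup_dir = os.path.join(tmp, "backup")
        os.makedirs(backup_dir)
        for name, data in [("ledger.csv", b"acct,amount\n1,100\n"), ("clients.db", b"\x00\x01\x02")]:
            with open(os.path.join(backup_dir, name), "wb") as f:
                f.write(data)
        manifest_path = os.path.join(tmp, "manifest.json")
        completed = datetime(2021, 6, 1, 2, 0, tzinfo=timezone.utc)
        write_manifest(backup_dir, manifest_path, completed)

        # Fresh, intact backup checked six hours after completion: passes.
        good = verify_backup(backup_dir, manifest_path, now=completed + timedelta(hours=6))

        # Silent corruption plus a deleted file, checked three days later: fails on all counts.
        with open(os.path.join(backup_dir, "ledger.csv"), "ab") as f:
            f.write(b"tampered\n")
        os.remove(os.path.join(backup_dir, "clients.db"))
        bad = verify_backup(backup_dir, manifest_path, now=completed + timedelta(days=3))
        return good, bad


if __name__ == "__main__":
    print(demo())
```

Run the check from a host other than the one that wrote the backup, against a copy that ransomware on the production network cannot reach (offline or immutable storage); a manifest that only ever lives beside the files it describes can be encrypted or rewritten along with them. A periodic full restore into a scratch environment remains the real test; the hash check is the cheap daily signal that something has gone wrong before that restore is needed.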

What is cybersecurity insurance, and do I need it?

Ransomware attacks are a scary and constantly looming modern threat. Insuring your business against them, however, isn’t a comprehensive fix. 

Just as homeowner’s insurance offers a financial cushion should something happen to your home, cybersecurity insurance, sometimes referred to as privacy insurance, offers a financial cushion from the fallout of a cyber attack. Cybersecurity insurance policies are sold through insurance companies, not IT providers. 

Many such cyber policies offer first-party and third-party protection, according to Forbes.

First-party cyber liability protection covers expenses directly incurred by the impacted business. These can include downtime, data restoration, hiring experts to negotiate ransom payments, the ransom payments themselves, and crisis/reputation management following an attack. 

Third-party cyber liability protection covers expenses incurred due to outside claims, fines and/or lawsuits. For example, if a doctor’s office suffers a data breach and a patient sues after their confidential information is leaked, third-party coverage can mitigate those expenses. Third-party coverage may also pay for fines imposed by government oversight agencies. 

The average cost of a cybersecurity insurance policy in the U.S. was $1,485 per year according to a January 2021 study from AdvisorSmith Solutions. 

As with most insurance policies, cybersecurity insurance comes with deductibles, exclusions and limits. In the case of ransomware attacks, these limits can be extreme. 

“Many cybersecurity policies provide very limited coverage for ransomware or cyber-extortion attacks, with coverage sub-limits as low as $25,000, even when the policy has a much higher total limit,” the AdvisorSmith report said. 

Some cybercrime experts worry cybersecurity insurance gives companies a false sense of security, dissuading them from properly monitoring and protecting their networks.

“From a broad perspective, building in ransomware payments to insurance policies will only promote the use of ransomware further and simultaneously disincentivize organizations from taking the proper steps to avoid ransomware fallout,” Brandon Hoffman, CISO at Netenrich, told Threatpost in June.

We're here for you

While cybersecurity insurance can be a helpful piece in the mind-boggling puzzle of a ransomware attack, it is merely a piece. Working with a trusted IT provider such as Entech can help thwart a ransomware attack altogether while also minimizing your company’s fallout and downtime.