
How to protect businesses against the threat of ransomware attacks and the role of cyber insurance

By Gary Salman
October 25, 2021

During the past 12 months, there has been a significant evolution in ransomware attacks on businesses. Historically, the threat actor (TA) would encrypt some or all of the data on a business network, then sit back and wait for the targeted company to make the ransom payment before unlocking the encrypted data. As businesses continued to move toward more robust and redundant backup solutions, the frequency of the payments diminished because businesses were able to recover their data from backups. The TAs started to see this trend and changed their modus operandi.


However, in many of these cases, cyber insurance can still play a critical role in protecting a business during the interruption of a ransomware attack, as well as help cover potential ransom payments and/or associated legal fees.


The Current Methodology of Ransomware Attacks

Threat actors are now shifting to exfiltrating (stealing) the business’s data prior to the ransomware attack to ensure that they are paid the demanded ransom. The business may have a viable backup, but its intellectual property, confidential business data, client information and PII (personally identifiable information) or ePHI (electronic protected health information) have been stolen. To get some assurance from the hackers that they won’t publish the data on their shaming or auction sites, the business often opts to pay the TA for the removal of its information from the hacker’s servers. This new methodology presents an entirely new set of risks and costs associated with a ransomware attack.


Another shift we have experienced firsthand is threat actors contacting the victims’ employees. In two recent attacks, the hackers contacted executives and employees by email and phone demanding payment. These emails and voice calls threatened the victims with the release of the data, identity theft and contacting news channels.


How should a business proceed if faced with this predicament? What are the potential impacts of paying or not paying the ransom?


An Analysis of Ransomware Risks

Let’s analyze each aspect of the attack and understand the risks associated with them. The first is the encryption of the data by the TA. When a ransomware attack is executed, and the primary impact to the business is the encryption of the data, there are a few things that must be considered.


First, what is the status of the backups – are they viable? How long will it take to restore the data from the backup? The next thing to understand is the depth and scope of the attack. Are all or most of the workstations and servers impacted? If so, how long will it take to rebuild the machines? If the backups have been destroyed, are unrecoverable or are incomplete, the only option may be to pay the ransom. If this is the case, insurance may play a vital role in helping the business recover from the interruption of the attack, i.e., lack of business continuity as well as the ransom payment and legal fees. In many cases, the entire network may need to be rebuilt because the attack damaged computers and the TA deployed additional hacking tools on the network. Also, due to the nature of the attack and the financial impact of business interruption, a decision may be made to pay the ransom as a way to help the business recover in a shorter period of time than by trying to recover from backups.


Ransomware Case Study

Let’s look at a case where the TA not only encrypted the network environment but also exfiltrated the victim’s data. In this scenario, let’s assume that three weeks prior to the IT resources detecting the attack, the TA gained access through a vulnerability in the network, moved laterally throughout the environment and exfiltrated most of the business’s confidential and proprietary data. After the successful exfiltration, the TA initiated the ransomware attack that encrypted all servers and workstations.

The business is now going to have to deal with the “what if” scenario regarding the posting or sale of their data on the TA’s shaming and auction site. As part of the initial investigation, typically performed by a Digital Forensics and Incident Response (DFIR) firm, a decision will be made as to the likelihood of exfiltration. If it appears that the data has been stolen, the business, legal counsel and DFIR will work through the proper course of action to best protect the business and clients.


This course of action may include the payment to the TA even if the business has a viable/complete backup. Some businesses may not have enough insurance to cover the expenses associated with a ransom and extortion event and will have to accept that the TA will publish all of their exfiltrated data to their shaming and auction site. Keep in mind that for many businesses, there will be additional legal and compliance issues that they will have to deal with as a result of the release of this data.


How to Protect Your Business

What must businesses do to properly protect themselves? The answer is multifaceted and not simple, especially for businesses that deal with confidential and regulated information. Can your business afford to be down for two or more weeks as the result of a ransomware attack? In most cases, regardless of the size of the business or the types of backup solutions in place, the business must make plans for being down for two weeks. Let’s look at some of the root-cause issues and make recommendations to help minimize the chances of an attack.


First, most small- and medium-sized businesses do not have any type of Incident Response plan in place to deal with a cyber event or even a disaster. When an event occurs at a business, there is often panic and chaos as a result of poor planning. A disaster and incident response plan will help guide the business through such an event by providing a detailed methodology for dealing with the situation, speeding up the recovery process.


IR plans should include:

  • Legal and insurance contacts;
  • Inventory;
  • Contacts for business stakeholders;
  • Software license information;
  • Vendor contracts;
  • Backup strategies;
  • IT contacts;
  • Emergency contacts for building maintenance; and
  • An Incident Response firm.


The Importance of a Security Risk Assessment

The second root cause of many ransomware attacks is the failure to analyze risk for the business. Most businesses have not conducted a thorough security risk assessment executed by a cybersecurity company. They have no idea of the size or scope of their attack surface, and the business often “feels good” about what their IT company has put in place. Without understanding where the business has risk, they cannot address it. A security risk assessment helps the business identify risk and put processes and technology in place to mitigate and reduce it.


A business should also be investing in security technology and training for its employees. Businesses are typically hit in one of two ways – their people or their technology. Having a formalized cybersecurity awareness training program helps mitigate social engineering scams. 


Other steps such as threat hunting, external and internal vulnerability management, penetration testing, EDR/XDR software, multi-factor authentication, comprehensive and off-site backup and third-party risk assessments will significantly reduce the attack surface and bring to light risks the business was not even aware of.

Implementing effective risk management strategies and combining them with cyber coverage is the best approach to mitigating the impact of an attack against a business.

KEYWORDS: cyber insurance cyber security ransomware risk management


Gary Salman is CEO of Black Talon Security, a Katonah, N.Y.-based company specializing in cybersecurity solutions for small- and medium-sized businesses. He has more than 30 years of experience in information technology and software design. Salman also lectures nationally on cybersecurity topics.
