The office manager at one of my clients just came to me and said I need to fill out a questionnaire for their insurance company so they can get ransomware insurance. Is this even worth it? The company has 25 employees. We have a domain, hourly on-site image backups with StorageCraft to external drives, the main business software package is cloud hosted, the e-mail is cloud hosted by Office 365 and I’m blocking a lot of specific countries with the spam filter. We have an Untangle box in place with content filtering, virus filter, ad blocking and any external users have to VPN in for access to their PCs. The only open ports are for their SIP trunks and those are locked down to the 2 IPs of the SIP servers, both primary and secondary. Also the users are very well trained to call me when they don’t know if an e-mail is real or not.

The insurance company is trying to scare him into getting it but is it worth it?

11 Spice ups

Does this org not already have some sort of cyber insurance? I would feel that a specific insurance targeting ransomware doesn’t make sense. If it was part of the cyber overall, then why not.

This is going to be a damned if you do and damned if you don’t scenario. If the org is willing to do it, do it. But maybe estimate the downtime and damage that may occur and compare the costs.

Are those backups separated from the rest of the network somehow? Backups every hour are great, but only if they are separated enough to avoid being overwritten.

2 Spice ups

The backups go to USB drives that are rotated every day.

It wasn’t cyber insurance, it was specifically ransomware insurance. And the insurance salesman was trying to scare him by saying a company in a different city in the same field as them had all their data encrypted and had to pay 15,000 to get the data back.

I told my client if the only recourse for that company was to pay the ransom they should fire their IT company, because they should have a better disaster recovery plan than that. And I understand in some cases it makes sense to pay the ransom because it could cost more to restore everything, for example some of the hospitals that have gotten hit with ransomware.

1 Spice up

You might also wish to inquire about whether or not said ransomware insurance also requires some form of employee training program. Something like KnowBe4 is usually a required item for them.

@stu-knowbe4

2 Spice ups

Sometimes even Cyber Insurance is not enough without user training. Take a look at the post below:

Again, user training is extremely important. Check out KnowBe4 just like dbeato said, as that will do a great job of helping user training. On the other side of this question, I manage the IT infrastructure for an insurance company. With that being said, Cybersecurity Insurance is a VERY profitable emerging insurance book, and by that I mean it is profitable for insurance companies. READ THE FINE PRINT in the policy. Many times they require you to fill out that questionnaire, which essentially makes you go through significant steps to protect your network, and then indicate in the fine print that if the infection is caused by any user interaction, there is a limit of coverage, down to even not covering it at all. I would suggest working with an insurance broker that you trust to give you specifics and help dig into the policy before jumping on it.

Think about insurance in general: many of them will not cover specific things which are spelled out in the policies. If you choose to purchase this insurance, make sure you read the fine print. I would imagine if things really went south, there will be some clause that they will not cover. Make sure you have great backups and a disaster recovery plan and forego the insurance. Training your users is extremely important as well; purchase KnowBe4 for user training so they will be able to help keep any ransomware attacks at bay.

Problem with that insurance is that sometimes when you pay, the encryption doesn’t work. A good backup and recovery system is necessary anyway. Ransomware is the same as any data loss event. What was the office manager’s understanding of the threat of ransomware?

Why spend money on ransomware insurance when you can set up Varonis to detect and prevent ransomware attacks, in addition to building a full spectrum data security platform?