"Cyber Insurance Fail: Most Businesses Lack Ransomware Coverage"

Organizations do not have enough cyber insurance coverage to protect themselves in the event of a ransomware attack, with only 14 percent of businesses with 1,400 or fewer employees having coverage limits exceeding $600,000. These were among the findings of a survey of 450 business decision-makers for IT and security solutions conducted by BlackBerry and Corvus Insurance, which also revealed that more than a third of respondents currently lack coverage for any ransomware payment demands. Of the respondents, 59 percent said they hoped the government would cover damages if future attacks were linked to other nation-states, and nearly half of small to medium-sized business (SMB) respondents said they hoped the government would increase financial assistance in all ransomware incidents. Gary Davis, senior director of cybersecurity at BlackBerry, believes SMBs should hire a cybersecurity Managed Service Provider (MSP) to deliver the essential capabilities required by insurance providers in the most cost-effective and comprehensive way. According to the survey, increased software requirements demanded by insurance brokers are making cyber insurance more difficult to obtain, as more than a third of respondents said they had been denied coverage due to unfulfilled Endpoint Detection and Response (EDR) software requirements. The findings showed that even when organizations have cyber insurance, critical elements are missing, with 43 percent of survey respondents not covered for auxiliary costs such as court fees or employee downtime. Davis notes that he has seen no evidence that bad actors are slowing down, implying that organizations of all sizes and types should increasingly rely on cyber insurance to help combat the problem. This article continues to discuss key findings from the survey regarding cyber insurance. 

Dark Reading reports "Cyber Insurance Fail: Most Businesses Lack Ransomware Coverage"