By Kelly Butler ,
Cyber Practice Leader, Marsh Specialty
23/08/2022 · 8 minute read
As the remote workforce from the pandemic expanded, ransomware attacks increased 148%. Bad actors have discovered a rich environment of unsecured Wi-Fi, vulnerable equipment, and outdated intrusion prevention software. Attacks are not only more frequent, they’re swifter — a new remote desktop protocol (RDP) is discovered just 90 seconds after it is opened to the internet.
Ransomware has become an industry, and every organisation is a potential target. Attacks now routinely disrupt operations for days or weeks; the average downtime in the fourth quarter of 2020 was 21 days. In addition to downtime and remedial expenses, ransomware demands have skyrocketed, with extortion demands increasingly exceeding $10 million.
More than 70% of attacks now also include data exfiltration, which bad actors use as a coercion tactic to entice companies to pay higher ransom demands. Layer in regulatory and compliance considerations, and you’ve got a complex issue to navigate.
Companies with poor cyber hygiene can become low-hanging fruit. Cyber-attackers are constantly evolving their tactics and scanning corporate technology environments to identify companies with poor cyber hygiene, such as lax controls or unpatched software. The increase in attack sophistication shows no signs of slowing.
Organisations that take a robust approach to ransomware preparation can increase their odds of avoiding an attack, recover more quickly, and minimise the impact of an attack. It’s critical for organisations to be prepared well in advance of a potential incident. The bottom line: Planning is everything. Read on for three of the best practices that an organisation can adopt.
Your organisation should have an effective cyber incident response plan in place that specifically includes ransomware. Unfortunately, many organisations with a plan in place do not update it — or test it — to address new risks. In fact, fewer than 50% of organisations have reviewed or updated their cyber incident response plan in the past year and only 40% planned to invest in cyber incident planning and preparation, according to the 2019 Marsh Microsoft Global Cyber Risk Perception Survey.
Here are some steps you can take immediately to prepare for a potential ransomware attack:
The top three ransomware attack vectors are RDP compromise, software vulnerabilities, and email phishing. Improving cyber hygiene can help limit potential exposure to attacks. At a minimum, companies should focus on the following hygiene essentials to mitigate the effects of a ransomware attack:
Consider ransomware as part of your organisation’s broader risk management efforts. Take into account your risk tolerance, cybersecurity controls, cyber insurance coverage, broader enterprise risk management programs, and value chain as you review and develop your ransomware plans and prepare for the possibility of an attack.
Quantifying cyber risk in financial terms allows you to express cyber risk in a language common to all business stakeholders: economics. Equally important, quantification allows organisations to frame cyber in the same terms as other business risks and evaluate risk management investments on the same financial basis.
Ransomware attacks can be devastating from a cost perspective — and the impact of an attack is directly tied to an organisation’s controls and incident response planning. Consider the cost of your systems being down for 14 business days as you rebuild your network from scratch. Was data stolen? Will you negotiate with the bad actor? systems being down for 14 business days as you rebuild your network from scratch. Was data stolen? Will you negotiate with the bad actor?
Ransomware attacks can play out in countless ways. It’s important to consider the financial impacts they could have on your organisation and your balance sheet’s ability to cover these costs. Due to the unpredictable severity of such attacks, many look to transfer their risk and turn to cyber insurance.
While understanding the financial impact of your ransomware exposure is essential, it’s only one piece of a comprehensive cyber risk management strategy. Risk transfer can help protect an organisation’s balance sheet and provide resources if risk mitigation tactics fail.
Cyber insurance can provide comprehensive coverage for ransomware attacks, including for ransom demands, business downtime, and associated costs. Cyber policies may also provide access to vendors to help with response as well as resources for clients on incident response planning, employee training, legal, forensics, and breach notification services.
The effects of a ransomware attack can be anticipated. With solid planning, your organisation will be well positioned to handle a potential attack.
For more information about Cyber Risk and how Marsh can support your business, please contact your Marsh representative.
Marsh Pty Ltd (ABN 86 004 651 512 AFS Licence No. 238983) arrange this insurance and are not the insurer. The information contained in this publication provides only a general overview of subjects covered, is not intended to be taken as advice regarding any individual situation and should not be relied upon as such. Insureds should consult their insurance and legal advisors regarding specific coverage issues. All insurance coverage is subject to the terms, conditions, and exclusions of the applicable individual policies. Marsh cannot provide any assurance that insurance can be obtained for any particular client or for any particular risk. If this communication contains personal information we expect you to treat that information in accordance with the Australian Privacy Act 1988 (Cth) or equivalent. You must advise us if you cannot comply. © Copyright 2022 Marsh Pty Ltd. All rights reserved. LCPA: 21/234.