According to the BlackBerry cyber insurance coverage study, only 19 percent of businesses surveyed have ransomware coverage limits greater than $600,000, while 59 percent hoped the government would cover damages resulting from future nation-state-linked attacks.
According to the BlackBerry and Corvus Insurance study, the problem is especially acute for small and medium-sized businesses. According to the survey, only 14 percent of businesses with fewer than 1,500 employees have coverage limits exceeding $600,000. According to BlackBerry, a recent Forrester report estimated that the cost of investigating and recovering from a typical data breach would cost an average organization $2.4 million.
"Not only are there more ransomware threats than ever, but the criminals are more ruthless. They will iterate threats and wait patiently in order to extract maximum damage," Shishir Singh, executive vice president and chief technology officer, cyber security at BlackBerry, said in a statement. "For uninsured and underinsured organizations, this potentially puts them in extreme jeopardy.
"The cyber underground is increasingly sharing learnings and partnering to make threats as efficient as possible," Mr. Singh said. "It's vital businesses strengthen their security posture against these threats by supplementing insurance with a prevention-first software approach that lowers their overall risk."
Many businesses surveyed indicated that their current cyber-risk coverage is inadequate. Some 37% of respondents said they are not currently covered for ransomware payments, while 43% said they are covered for costs such as court fees or employee downtime.
According to those polled, cyber insurance has become more difficult to obtain as a result of insurers' increased requirements. More than one-third of respondents said they'd been denied coverage because their endpoint detection and response (EDR) software didn't meet certain requirements. However, BlackBerry noted that the increased requirements may be having an effect on ransom payments.