What You Need to Know About Ransomware Insurance - InformationWeek


IT Leadership // Security & Risk Strategy
John Edwards

What You Need to Know About Ransomware Insurance

Ransomware can bring business operations to an instant halt. Ransomware insurance can limit the immediate and long-term financial damage.

Credit: jamdesign via Adobe Stock

Like a fire, earthquake, or any other calamity, ransomware can devastate a business with no advance warning. Fortunately, as with most other disasters, enterprises that fall victim to a ransomware attack can turn to insurance to recover some or all of their financial losses.

Given the rising frequency of attacks, it's not surprising that ransomware insurance sales are skyrocketing, said Mike Morris, managing director, cyber and strategic risk, at business and technology consulting firm Deloitte. "Ransomware insurance can be extremely effective when thoroughly analyzed to ensure that coverage is sufficient in the event an attack occurs," he noted. "It's critical to understand the fine print in the policy to ensure that at the moment of crisis, restoration is possible as fully and quickly as possible."

How It Works

Ransomware insurance is like any other type of cyber insurance. "Cyber insurance is about assessing the cyber risk, determining the potential losses due to attacks, and then obtaining coverage," said Bhavani Thuraisingham, a professor at the University of Texas at Dallas, as well as the executive director of the university’s Cyber Security Research and Education Institute. The unique challenge with ransomware is that once an attacker gets into the system, they have access to everything within. "[They aren't] just stealing your data but crippling your system by encrypting all of the data and files so that you can't have access unless you pay them a ransom," she explained. "It's like someone breaking into your house and stealing your jewelry, but also kidnapping your child and demanding a ransom," Thuraisingham quipped.

Bhavani Thuraisingham, University of Texas

Ransomware insurance is generally sold along with, or in addition to, a general cyber insurance policy. The appropriate cyber liability insurance policy depends primarily on the applicant's industry and operations, observed Jack Dowd, an account executive at insurance provider The Dowd Agencies. "Essentially, any business that handles customer information can benefit from the service," he said.

Cyber insurance is available in several different forms. "One type focuses on first-party responses and covers legal and related services to identify an actual breach and costs associated with regulatory compliance in the event of a breach," Dowd said. "This insurance also addresses the response to immediate customer needs, such as credit monitoring and educating customers about the breach." Crisis management and public relations expenses are typically included as well, as are expenses for business interruption and costs for additional labor associated with a claim, he added.

Another type of ransomware insurance addresses third-party defense and liability issues. "Such a policy may cover settlements or judgments that a victimized enterprise is responsible for due to a data breach, and may produce liability coverage for electronic media, which could include copyright infringement, network security, and privacy liability issues," Dowd explained.

Jack Dowd, Dowd Agencies

Shopping for Coverage

Before committing to any particular type of ransomware insurance coverage, it's important to examine the policy closely, preferably with an attorney's assistance. "This includes the coverage amounts, including specific sub-limits for ransom payments [and] how the policy defines a covered event," said Michael Pisano, managing director and insurance industry internal audit leader at global consulting firm Protiviti.

It's important to understand the types of events and losses a policy will cover, as well as what's excluded. "As such, the organization's risk management leadership should work with a qualified insurance broker to review and consider different options before purchasing coverage," Pisano said.

The best way to shop for ransomware insurance, Morris advised, is to work with an agent or broker to analyze policies offered by several insurance companies. "At minimum, make sure insurance coverage includes data restoration and loss of encrypted data, repayment of ransom demands, as well as coverage for any regulatory actions from federal agencies, state, or local government," he said. "Understanding policy exclusions and standards is key as well."

Mike Morris, Deloitte

An Unintentional Incentive?

There's currently a major debate raging within the security industry as to whether providing coverage for ransom payments unintentionally incentivizes ransomware attacks. Pisano noted that cyber criminals have been known to specifically target enterprises they believe, or have reason to suppose, are covered by ransomware insurance. Such organizations, the attackers hope, will be more likely to agree to a rapid financial settlement.

Pisano observed that insurers are beginning to catch on to this trend. "In fact, some companies have started to exclude ransom from their cyber covers, though I haven’t heard of many doing so yet," he said.

Like any insurance policy, ransomware policies frequently limit how much ransom an insurer will cover, as well as other requirements to cover claims. "For example, some policies require insurer approval before paying ransoms in order for a claim to be covered," Pisano noted.

Michael Pisano, Protiviti


Prevention is the best way to avoid the financial damage a ransomware attack can inflict. Thuraisingham compared the challenge to an individual protecting his or her health. "We want to lead a healthy life so that we don't fall sick," she said. "Similarly, you should protect all of your systems, data, and processes so that the attackers cannot get in," Thuraisingham advised. "I cannot overemphasize proper backup procedures," she stated. "This is crucial."

John Edwards is a veteran business technology journalist. His work has appeared in The New York Times, The Washington Post, and numerous business and technology publications, including Computerworld, CFO Magazine, IBM Data Management Magazine, RFID Journal, and Electronic ...