Cyber Insurance Providers Are Wary of Ransomware Payouts
In 2021, 3 in 10 government organizations reported paying a ransom to restore encrypted data, according to Sophos. Government organizations paid $213,000 in ransom on average that year.
A Sophos report titled “The State of Ransomware in State and Local Government 2022” notes that 80 percent of state and local government organizations have obtained cyber insurance for coverage against ransomware attacks (the cross-sector average was 83 percent). To lower cyber insurance costs, state and local agencies have fortified their cybersecurity defenses, the report notes: “96% have upgraded their cyber defenses to secure coverage.”
State and local government organizations experienced an “above-average rate of ransomware payout by insurance providers,” as insurance companies paid out in 49 percent of ransomware attacks, versus 40 percent across all sectors.
Policies have become more expensive, and requirements have become stricter in the face of these payouts. Agencies that lack strong cybersecurity protection can find it difficult to obtain adequate coverage.
Documenting strong cybersecurity protections can help governments acquire sufficient cyber insurance. Documentation may include certifying capabilities for patch management, asset management, multifactor authentication and more. Agencies should also procure and document annual third-party penetration tests and additional assessments to identify vulnerabilities.