Technology Reseller v61

Learning from experience
New Veeam report highlights limitations of cyber insurance

More than nine out of 10 cyber attacks (93%) target backup storage to force ransom payment, reveals Veeam in a new report based on a survey of 1,200 organisations that experienced at least one successful cyber attack in 2022.

In explaining the rationale for the survey, Veeam’s Vice President of Market Strategy Jason Buffington and Vice President of Enterprise Strategy Dave Russell highlighted three findings from the data protection and ransomware recovery leader’s earlier Data Protection Trends Report from January 2023:

1. In 2022, for the third year in a row, cybersecurity events were the cause of the most impactful IT outages. “Cyber was consistently the cause of the worst kind of crisis. It's one of the reasons why we often say ransomware is a disaster. It is as calamitous as fire, flood, hurricane, tornado. The difference is that ransomware is more of a when and not an if,” explained Buffington.

2. Only 15% of organisations had not been hit by ransomware in the preceding 12 months, down from 24% the year before. Russell points out that even that figure is likely to be too high due to the dwell time or gestation period of an attack. “It's possible someone's been compromised and they just don't know it yet,” he said.

3. It is not just the likelihood of an attack that is concerning but the frequency. Half (49%) of organisations got attacked two or three times, with 17% getting hit four or more times in a year. “More organisations got hit quarterly than believe they did not get hit at all,” said Buffington. “That epitomises the problem the world is facing right now when it comes to ransomware.”

So what does Veeam’s 2023 Ransomware Trends Global Report tell us about the tactics of bad actors that might help organisations keep their data safe?

Cyber insurance risk

Firstly, it reinforces the obvious point that there is no substitute for an effective back-up and disaster recovery strategy to minimise the damage from a ransomware attack – not least because cyber insurance can no longer be relied upon. This was a new area of enquiry in this year’s survey and the findings highlight the extent to which businesses rely on insurance to minimise the financial damage of an attack.

More than half of surveyed organisations (57%) had a cyber insurance policy that covers ransomware to some degree and of the 80% that ended up paying a ransom, 95% had some form of insurance, with 77% using it for that purpose.

However, the survey also shows that that insurance is increasingly patchy. Not only do cyber insurance policies in most cases provide no cover for the cost of downtime and the cost of remediation, but the cover enjoyed by 21% of organisations specifically excludes ransomware.

Russell said: “It's a bit like purchasing flood insurance only to find out that the flood policy is not going to be activated by water damage. The very thing that ostensibly you purchased the cover for may be very, very difficult to obtain. Reliance on insurance, particularly cyber insurance, is going to be problematic for most of us going forward.”

Buffington adds that on top of reduced availability, cyber insurance costs are becoming prohibitive for many organisations. “The reality is that in some areas you just can't get cyber insurance. But in almost all areas, it's becoming increasingly expensive, perhaps to the point of prohibition. Just 8% said for their last cyber insurance renewal there were no changes. That means that 92% faced changes including increased premiums (cited by 74%), increased deductibles (43%) and reductions in coverage benefits (10%).”

Sub-optimal outcomes

Generally, ransomware victims have two ways of averting a crisis – pay the ransom (with or without insurance) or restore from backup.

Of the organisations questioned by Veeam, 59% paid the ransom and were able to get their data back, 21% paid the ransom but could not get the data back, 16% were able to recover their data without paying the ransom and 4% were not in a position to do either as the motivation of the attackers was simply to destroy data – “more arson than extortion”, as Russell put it.

Buffington added: “When this research was done one year ago, 19% of organisations said they saved themselves. This year, only 16% did, so we’re going in the wrong direction. I just can't get over the fact that more organisations paid but could not recover than recovered without paying. To me that defines why as an industry all of us have to find ways to do better and to solve what really is a global problem.”

Targeting backups

There’s an interesting correlation between the proportion of organisations that were able to recover data themselves without paying a ransom (16%) and the proportion of organisations in which an attempt by bad actors to affect their backup repository failed (18%).

“In 93% of cases bad actors specifically targeted the backup repository in order to remove organisations’ ability to recover themselves and in three out of four cases, the bad actor was successful in doing that,” explained Buffington. “I use the example of somebody pushing me off a boat. If I can swim back to the boat on my own, if I can find something floating in the water, I can save myself. The bad actors are basically trying to sell me a life preserver. And the only reason I won't pay for that is if I can save myself. What the bad actors are trying to do is remove my ability to save myself and in all but 18% of cases they're specifically targeting for that.”

Overall, respondents estimated that ransomware attacks successfully affected (encrypted/deleted) 45% of their production data – two out of five hard
