In its latest blog, Gallagher identified business impacts and costs involved in a ransomware event:
Gallagher said businesses that receive a ransom demand must weigh several factors before taking the next step: whether they can restore the data from backups, whether the sum might be negotiated or refused, and whether paying the attacker carries legal ramifications. In some cases, the threat actors may be affiliated with groups that are subject to sanctions, making payment unlawful; examples include groups linked to terrorism or human trafficking.
Gallagher advised businesses to improve their cybersecurity resilience because it is a crucial factor to consider when responding to the hackers: “Is your business data backed up so you're able to restore the lost information, for example? Do you have a business continuity plan?”
It also warned that ransom payment might expose the business to governance risks, noting increasing moves towards regulating ransom payments, especially if they are to criminal actors with links to sanctioned organisations. Therefore, when considering paying the ransom, businesses must take note of its broad implications, such as the legality of payment, reporting requirements, company directors' duties, regulatory risks and class actions, legislation impacts, insurance considerations, and reputational damage.
Having cyber insurance also helps in a ransomware event because it provides expertise and support, including access to specialists in negotiation, forensic investigation and remediation, as well as cover for the legal and reputational costs involved.
“Because responding to a ransomware attack – even without paying a ransom – can destroy a business financially, having insurance that covers the major demands involved is critical,” Gallagher said.