Cyber Attack: Should Your Clients Pay Ransoms?

Cyber Attack: Should Your Clients Pay Ransoms?

Ransomware is a type of malware that attacks a computer, encrypting data and demanding a ransom payment to release the files. When an organization’s data is attacked in this way, hackers give the option to pay up and receive an encryption key or lose the data forever. Research shows that a business is attacked by ransomware every 11 seconds. This common and growing crime has resulted in nearly $1 billion in annual ransom payments. All organizations in every industry are at risk of becoming victims to cyber hackers. Once they do, they face a very difficult decision: should you pay ransomware demands?

Why You Should Not Pay

The FBI advises ransomware victims to refrain from paying the ransom for the following reasons.

  • The hackers are criminals, after all. Therefore, they may not release the stolen information, even if they received payment for it.
  • The business may be seen as an easy target after paying the ransom and could become a more frequent victim of future attacks.
  • Even if the encryption key is provided after payment, it may not work. In addition, there could be additional malware hidden for a later attack.
  • If the attacker is operating from a sanctioned country, paying the ransom may be illegal under U.S. law.

Why You Should Pay

What happens if you pay the ransom? Some recent trends suggest that paying the ransom may be a good idea. 

  • Sometimes, the cost of recovery exceeds the amount of the ransom. In May, Baltimore was attacked with ransomware that blocked access to government systems. The city refused to pay the demand of $76,000. After two months of struggling, the attack is estimated to cost over $18.2 million in lost revenue and restoration costs.
  • If the threatened release of files could do irreparable damage to the company’s reputation, the company may decide the risk is not worth it.
  • Most hackers, ironically, behave honorably when restoring the data after receiving a ransom payment. These cybercriminals need businesses to trust that they will get their data back for their ransom demands effectively. 

Your Best Move

The best move is to obtain cyber insurance and adopt a comprehensive cyber security program that will help the business avoid falling victim to a ransomware attack. Ultimately, if a company is attacked, whether to pay ransomware depends on whether the business can withstand the hit. Variables to consider are the nature of the attack, the nature of the business, and the nature of the risk. 

When a ransomware attack victimizes a company, it feels as if there is no good solution. However, the best choice for the organization is to create a quality security infrastructure to avoid becoming a victim in the first place.

About Connected Risk Solutions

At Connected Risk Solutions, we provide our agent partners with bold solutions for comprehensive insurance and risk management that are unmatched in the industry. We have market connections and collective decades of industry experience, including deep specialization in healthcare liability and managed care E&O, cyber and tech liability, management and professional liability, as well as captive management and risk management. We strive to develop creative solutions no other wholesaler can match and to help our agent partners give their clients the ability to achieve continued growth while simultaneously protecting against loss.

Our specialists, located in offices throughout the country, are responsive and engaged. To learn more, connect with us.

Table of Contents

Related Posts:
cyber insurance
Exploring the Intersection of Cybersecurity and Managed Care: Challenges and Opportunities
The healthcare industry is undergoing a unique transformation where data and technology take the spotlight....
professional liability insurance
The Growing Need for Professional Liability Insurance in Healthcare
The increasing demand for professional liability insurance within the healthcare sector cannot be emphasized...
cyber insurance
Emerging Technologies in Managed Care: Enhancing Efficiency and Patient Outcomes
By incorporating technology into a managed care practice, there is an opportunity to improve patient...