Cyber Insurance Becomes Boomerang, There Is An Increase In The Sharp Demand For Ransomware Ransom

The existence of cyber insurance can actually exacerbate the impact of ransomware attacks. (photo: dock. istock)

JAKARTA - A recent study reveals that the presence of cyber insurance can actually exacerbate the impact of ransomware attacks. According to the report, if the perpetrator finds out that the victim has a cyber insurance policy, they will drastically increase the ransom, making the situation even more detrimental to the victim.

Ransomware is a type of cyberattack that encrypts victim data, so it cannot be accessed without a special key. The only way to recover data "if there is no backup" is to pay the ransom requested by the perpetrators. Without sufficient funds, victims can lose all their important data.

In general, the best preventive measure is to regularly back up data, use trusted antiviral software, and be careful when browsing the internet. However, many individuals and companies are now also turning to cyber insurance as additional protection. This type of insurance is designed to bear losses due to data breaches or cyberattacks.

However, a study by Dutch police officer Tom Meurs showed that having cyber insurance could backfire. Based on his findings, ransomware actors tend to check first whether the target has insurance before encrypting data. If there is, they increase the ransom demand to an average of 2.8 times the initial number even in some cases can reach 5.5 times.

"The ransomware perpetrator is targeting victims who are insured because they know that insurance companies will most likely pay the ransom," Meurs wrote in the report. Thus, companies that have cyber insurance can actually be the main target, or in terms: white whale the perpetrators of cyber crimes.

This finding is based on an analysis of 453 ransomware attacks that occurred between 2019 and 2021. This data shows a consistent trend of the perpetrators getting more organized, and is now actively adjusting the ransom demand based on the information they dug up from the victim's system.

Although cyber insurance remains important as a form of protection, this report warns that passive protection alone is not enough. Companies need to complement insurance with more proactive system security and security awareness exercises for employees, so they don't just depend on insurance claims when an attack occurs.