Targeting Of Companies With Cyberinsurance

Smaller businesses that weren’t attractive ransomware targets historically might be more appealing today due to the increased adoption of cyberinsurance among SMBs, according to Rob Cataldo, managing director of Kaspersky North America. Cybercriminals do reconnaissance looking specifically for the presence of a cyberinsurance policy in a target’s environment before deciding to attack, he said.

Organizations with cyberinsurance are seen as more likely to pay a ransom if the threat actor attempts to extort them since the amount of the ransom is often less than the projected cost of restoring without a decryption key, Cataldo said. SMBs need to invest in putting together a risk mitigation strategy that outlines how the business plans to prevent, detect, mitigate and accept certain risks, Cataldo said.

As cyberinsurance moves beyond large enterprises and pushes downmarket into the SMB space, Cataldo said it’ll be interesting to see which regulations or requirements cyberinsurance providers start to institute as part of the underwriting process. Cyberinsurance providers have good reason to avoid taking on ultra-risky clients since they’re far more likely to end up filing expensive claims, Cataldo said.