Attackers’ greed for higher ransom colliding with hardening of cyber insurance says Chester Wisniewski at Sophos

Chester Wisniewski, principal research scientist at Sophos.
Chester Wisniewski, principal research scientist at Sophos.
3 years ago

Sophos, released its annual international survey and review of real-world ransomware experiences in the State of Ransomware 2022. The report shows that 59% of UAE organizations surveyed were hit with ransomware in 2021, up from 38% in 2020. The report summarizes the impact of ransomware on 5,600 mid-sized organizations in 31 countries across Europe, the Americas, Asia-Pacific and Central Asia, the Middle East, and Africa

The main findings for the UAE in the State of Ransomware 2022 global survey, which covers ransomware incidents experienced during 2021, as well as related cyber insurance issues, include:

  • Many organizations rely on cyber insurance to help them recover from a ransomware attack – 85% of mid-sized organizations had cyber insurance that covers them in the event of a ransomware attack – and, in 100% of incidents, the insurer paid some or all the costs incurred
  • 98% of those with cyber insurance said that their experience of getting it has changed over the last 12 months, with higher demands for cybersecurity measures, more complex or expensive policies and fewer organizations offering insurance protection

“The findings suggest we may have reached a peak in the evolutionary journey of ransomware, where attackers’ greed for ever higher ransom payments is colliding head on with a hardening of the cyber insurance market as insurers increasingly seek to reduce their ransomware risk and exposure,” said Wisniewski. “In recent years, it has become increasingly easy for cybercriminals to deploy ransomware, with almost everything available as-a-service. Second, many cyber insurance providers have covered a wide range of ransomware recovery costs, including the ransom, likely contributing to ever higher ransom demands. However, the results indicate that cyber insurance is getting tougher and in the future ransomware victims may become less willing or less able to pay sky high ransoms. Sadly, this is unlikely to reduce the overall risk of a ransomware attack. Ransomware attacks are not as resource intensive as some other, more hand-crafted cyberattacks, so any return is a return worth grabbing and cybercriminals will continue to go after the low hanging fruit.”

Don't Miss

Chester Wisniewski, director, field CTO, Sophos

Most Educational Organizations Paid More Than the Original Ransom Demand, Says Sophos Survey

Sophos has published its annual sector survey report, , “The State of

Ransomware Groups Weaponize Stolen Data to Increase Pressure on Targets Who Refuse to Pay, Sophos Report Finds

Sophos has released a new dark web report titled “Turning the Screws: