Ransomware continues to raise tough questions for the private and public sectors

Private sector

Issuers of standalone cyber insurance, a $3 billion industry, are rethinking their due diligence standards because of rising costs that are partly attributable to ransomware. Insurers are asking more exacting questions of companies and requiring them to demonstrate stronger internal protocols that protect against ransomware. The additional time and resources needed to complete this diligence contribute to the rising cost of cyber insurance, now up 35% year over year. Companies should be ready for the added cost and time in order to become insured before a breach.

Public sector

New York, North Carolina, and Pennsylvania are all considering legislation to ban the payment of ransoms to hackers after a ransomware attack, hoping to discourage future attacks by removing the possibility of payout. State and local governments themselves were the target of at least 113 ransomware attacks in 2020. Cybersecurity experts are skeptical that a ban on payments would stop ransomware attacks, as paying the ransom is often much less costly than rebuilding the compromised systems. The FBI does not support the payment of ransoms. Regardless of the outcome of the ransom-banning bills, it is clear that state and local governments are being targeted because of their combination of sensitive data and weak security systems. Many are calling for the federal government to help state and local governments improve their security protocols to reduce vulnerabilities.