As ransomware threat increases, a shift in minimum cyber insurance standards is hardening digital defenses
In the last decade, the threat of ransomware and other cyberactivity has increased dramatically—more than ever, targeted organizations are paying the criminal perpetrators to have their information restored.
“Over the last year there has been an almost threefold increase in the proportion of victims paying ransoms of $1 million or more: up from 4 percent in 2020 to 11 percent in 2021,” according to a new report from Sophos, “The State of Ransomware 2022,” which surveyed 5,600 internet technology professionals, including many in the public sector. The research was conducted independently by Vanson Bourne across 31 countries during January and February of this year.
This increase correlates with a few other data points that are also on the rise, like the average amount being paid for ransoms (about $130,000 currently in the United States) and the frequency of attacks, which are up nearly 80 percent year-over-year.
Sixty-six percent of those surveyed said their organization had been targeted in the last year, representing a 78 percent jump from 2020.
Of nearly 200 respondents in the public sector, 58 percent reported experiencing some sort of ransomware cyberattack. A little more than 30 percent of those who were attacked paid the ransom.
In sectors that are adjacent to local government—three-quarters of which reported a ransomware attack in the last year—the payout percentage was higher. Among managers overseeing energy and public utility organizations, for example, 55 percent of those who’d experienced an attack reported their organizations had paid to regain access to locked information.
The data demonstrates a concerning trend experts have been warning about for some time: “Adversaries have become considerably more capable at executing the most significant attacks at scale. This likely also reflects the growing success of the ransomware-as-a-service model which significantly extends the reach of ransomware by reducing the skill level required to deploy an attack,” the report says.
But amid this digital evolution in the criminal underworld, increasingly, paying a ransom isn’t a reliable way for victims to regain access. Only about 60 percent of all those who’d paid a ransom had some information restored after the fact, and only 4 percent received all of it in return.
“Simply throwing people and money at the problem is not the solution; rather you need to invest in the right technology and have the skills and know-how to use it effectively,” says the report, which notes that many organizations are increasingly turning to comprehensive backup systems as a defense measure. “Organizations should look to partner with experts that can help them improve the return on their cybersecurity investments and elevate their defenses.”
Along with backup systems, those investments include cyber insurance, which has jumped in popularity as attacks have increased. Likewise, it’s become more complicated, comprehensive and expensive. Baseline and minimum standards have also increased.
This shift is hardening the digital defenses of organizations across all sectors, including local government, because they must invest more in their cyber defenses to qualify for cyber insurance coverage. The report notes that “97 percent of organizations that have cyber insurance have made changes to their cyber defense to improve their cyber insurance position. Sixty-four percent have implemented new technologies/services, 56 percent have increased staff training/education activities, and 52 percent have changed processes/behaviors.”
In light of the growing digital threat nationally, the Cybersecurity and Infrastructure Security Agency (CISA) recommends that local governments take steps to mitigate risk, namely through vulnerability and configuration management, such as by “updating software, operating systems, applications, and firmware, with a prioritization on patching known exploited vulnerabilities; implementing a centralized patch management system; and replacing end-of-life software,” according to a joint statement from CISA, the FBI, NSA and international partner agencies.
Other steps recommended in the brief include implementing multi-factor authentication for all users, disabling unnecessary network ports, services and devices, encrypting traffic and properly securing internet-facing network devices.