In 2020, ransomware caused businesses an estimated $20 billion in losses worldwide. Those losses were a substantial increase from 2019 when ransomware caused $11.5 billion in business losses. Not only is the ransomware scourge growing, but cybercriminals are also increasingly attacking smaller and smaller companies, often because they have less security in place.
Last week, a multi-industry Ransomware Task Force issued a long anticipated, extensive report regarding how to deal with the ever-increasing threat that ransomware is posing to businesses, and in turn, the global economy. Due to the broad composition of the task force, the report recommends addressing ransomware holistically and from a number of different angles; below you will find several highlights from this report. All companies, regardless of size, are strongly encouraged to work with outside counsel and forensic consultants to prepare for the ransomware threat.
The Payment Problem
The biggest challenge with ransomware is that victims are making the problem worse. That is, the more payments that the criminals receive, the more resources they can afford to contribute to their operations. While the report does not recommend making ransom payments illegal, it recommends that they be discouraged, if possible. For example, it recommends requiring companies to assess all options before paying ransom and creating a fund to help those companies who choose not to pay. It also recommends that the payments be discouraged by enacting laws that impose stricter regulations on cryptocurrency.
In addition, it urges insurers who end up paying ransom to aggressively assert their subrogation rights and pursue the cybercriminals. One suggestion is for the insurance companies to collectively create a subrogation fund to evaluate and develop strategies to recoup their ransomware losses and to work with law enforcement. That could prove crucial as cybercriminals are increasingly attacking companies that they know have cyber insurance. Those efforts, as well as insurance companies more frequently requiring their insureds to stronger protections and protocols, should help curb the ransomware epidemic.
The Safe Havens
As ransomware has…