Hit by a ransomware attack? Here’s what to do

The list of high-profile ransomware attacks grows longer and more alarming by the week, impacting everything from gas pipelines and meat supplies to ferries. Those companies and agencies that get hit must scramble to protect their systems and a tough decision on whether to pay hackers to remove the disruption.

In the face of that situation, affected companies may rush to reach out to their IT teams, police, crisis PR, lawyers and law enforcement. But, frequently, one of the first calls is to their insurance provider.

Companies often purchase specific cyber insurance plans to help protect their systems and cover any losses from a cyberattack. And ransomware, which allows hackers to take over computer systems (or even physical infrastructure) and extract fees running into the millions of dollars to unblock them, has only boosted the demand for that insurance.

But this lifeline may also be getting harder to access for companies because of rising costs, more stringent requirements from insurers and increased scrutiny from the government when foreign hackers are involved.

Growing demand

AIG, one of the world’s largest insurers, says it saw a 150% increase in ransom and extortion claims between 2018 and 2020. Ransom demands now account for one in every five cyber insurance claims, the company added.

‘Data-intensive companies were the first … but over the last number of years all types of industries have started purchasing cyber insurance,’ Tracie Grella, AIG’s global head of cyber insurance, told CNN Business. ‘I think at this point it’s certainly clear that all industries are impacted, all have to manage cyber risk.’

Depending on the size of the company and what…