Cyberinsurance has been around for decades. The recent proliferation of ransomware actors is affecting this industry. I’d heard that FIreeye, an upper echelon digital forensics and cyberdefense company, was going into underwriting ransomware attacks, but wondered if, based solely on its superb cyber skills, it would be up to the task, especially on the underwriting side. I also wondered about its solvency, something you’d get with an AIG. The concept of carriers considering to advise clients to NOT pay ransome is scary but interesting—something I’d never considered, large scale. In ransomware attacks’ early history, 1) Businesses would pay the typically small ransoms since ransom-attackers targeted them in the hope of getting quick pay outs (while law enforcement eschewed this behavior). 2) Ransomware attackers had a code whereby, if ransoms were met, they’d honor the promise to make a business’ data whole again, i.e., return, restore, decrypt, or NOT publish it. But now greedy attackers have changed mindsets, ergo, a growing need for serious ransom-ware insurance. Your article showed me new aspects of this and inspired me to continue reading about developments. Yet there are only two companies cited here that have an inkling of the technical challenges. So your article changed my view that technical companies shouldn’t broker and underwrite. Now I more firmly believe that non-technical, “standard” carriers won’t even understand the technical challenges ahead.
Cyberinsurance has been around for decades. The recent proliferation of ransomware actors is affecting this industry. I’d heard that FIreeye, an upper echelon digital forensics and cyberdefense company, was going into underwriting ransomware attacks, but wondered if, based solely on its superb cyber skills, it would be up to the task, especially on the underwriting side. I also wondered about its solvency, something you’d get with an AIG. The concept of carriers considering to advise clients to NOT pay ransome is scary but interesting—something I’d never considered, large scale. In ransomware attacks’ early history, 1) Businesses would pay the typically small ransoms since ransom-attackers targeted them in the hope of getting quick pay outs (while law enforcement eschewed this behavior). 2) Ransomware attackers had a code whereby, if ransoms were met, they’d honor the promise to make a business’ data whole again, i.e., return, restore, decrypt, or NOT publish it. But now greedy attackers have changed mindsets, ergo, a growing need for serious ransom-ware insurance. Your article showed me new aspects of this and inspired me to continue reading about developments. Yet there are only two companies cited here that have an inkling of the technical challenges. So your article changed my view that technical companies shouldn’t broker and underwrite. Now I more firmly believe that non-technical, “standard” carriers won’t even understand the technical challenges ahead.