Companies with cyber insurance are more likely to get hit by ransomware, more likely to be attacked multiple times, and more likely to pay ransoms, according to a recent survey of IT decision makers.
Back in 2019, fewer than 20% of enterprises suffered repeat ransomware attacks, while during the pandemic, the percentage rose to around 30%. And it didn’t stop with the pandemic, with 38% of organizations surveyed in 2022 reporting two or more successful ransomware attacks, those that attackers were able to lock systems, encrypt data, or exfiltrate information to demand a ransom, according to Barracuda’s report conducted by Vanson Bourne.
Companies with cyber insurance get targeted more
Cyber insurance plays a significant role in the numbers as they get targeted more, Barracuda Networks CTO Fleming Shi tells CSO. The survey found that 77% of organizations with cyber insurance were hit at least once, compared to 65% of organizations without insurance. In addition, of the companies that had cyber insurance, 39% paid the ransom.
To make matters worse, the research found that insured companies were also 70% more likely to be hit multiple times. Repeat victims were also more likely to pay ransom, and less likely to use backup systems to help them recover.
That doesn’t mean that having cyber insurance is a bad thing. Insurance companies insist on cybersecurity controls before they provide coverage, says Shi. “Insurance can play a positive role if you utilize it in a way that helps you improve your security posture.”