Dallas-based Steven Anderson, vice president and product leader-cyber for insurance giant QBE North America, disagrees. “The reality is that the average demand is between $5,000 to $10,000,” he explained. “From an insurance carrier’s perspective, we want our insureds to have a solution that drives cost down, both for them and us. What we have seen is that by paying the ransom, those costs are mitigated in most cases.” The size of the company and its deductible are also factors, Anderson adds. “If the firm is a smaller firm, they may have a deductible that is well below the demand and therefore it makes sense to proceed with payment.” The costs of a ransomware attack, Anderson cautions, can be substantial, and include “investigation costs, legal liability, regulatory liability, business interruption, direct theft costs, and damage to customer relations and reputation.”
Now Available!
Join Us On LinkedIn
Join the Cybersecurity and Incident Response Group on LinkedIn