Cyber insurance companies may urge clients to pay ransoms because insurance losses from not paying may be more than the ransom demand. “(E)ven when companies do want to hold out, insurers may be pressing them to pay. Since they tend to cover both ransomware payments and business interruption due to ransomware attacks, if the costs of expected downtime and business disruption exceeds the costs of paying up, insurers can and do diverge from their clients when it comes to the costs and negatives incentives around ransom payment.”
The 2007 NotPetya ransomware attack caused an est. $10 billion in global damages, prompting the industry to move cyber breach insurance beyond traditional property/casualty policies, reports SC Media. Cyber insurance companies paid out app. $2.7 billion in damages, including individual company pay outs of $300 million or more according to the report.
Source: SC Media | How the ransomware explosion is reshaping the cyber insurance market