Ransom Payment Decline amid Cyber Incidents’ Surge: Insights from Marsh McLennan

Amid a resurgence in cyber incidents targeting companies, a notable shift has emerged: fewer firms are succumbing to ransom demands. Matt Ross, national cyber claim leader at insurance brokerage Marsh McLennan, highlighted this change during a webcast, attributing it to organizations’ enhanced awareness of the significance of maintaining separate system backups, enabling faster system restoration.

Ross emphasized that having independent backups positions companies better in negotiations with threat actors, allowing them to negotiate while simultaneously restoring systems. He advised companies to take their time during these negotiations, provided the system isn’t entirely down, fostering a stronger bargaining position.

A nascent trend has arisen among certain state and local governments, including Florida and North Carolina, of passing laws that bar entities receiving public funds from engaging in ransom negotiations. While these laws primarily affect public entities such as school districts and hospitals, they could also reach private companies that receive public funds, potentially posing challenges that could lead to business closures.

The potential growth of this trend hinges on the efficacy of these initial laws. Ross speculated that if these jurisdictions demonstrate cost savings by not paying criminals, more regions might adopt similar legislation.

Ross debunked the misconception that companies need not report incidents if they prevent data access by suppressing or deleting it. He emphasized the obligation to report incidents based on the number of affected individuals, as aggressive third-party privacy lawsuits, particularly in healthcare, are on the rise.

Addressing the evolving landscape, Ross noted a shift in criminal enterprises, with more amateur groups utilizing ransomware-as-a-service tools, leading to unpredictability in negotiations and decryption reliability. Consequently, companies previously hesitant about cyber insurance are now considering it as a risk transfer mechanism.

He advised companies to engage third-party professionals for legal, compliance, and forensic support in incident response, advocating for a collaborative approach to mitigate breach costs and enhance future incident resilience.

Ross concluded by stressing the importance of seeking professional support, leveraging attorney-client privilege, and engaging cyber specialists to navigate incidents effectively, minimizing potential fallout.
