Cyber crime is a growth industry and no business can consider itself immune from an attack and extortion demand in exchange for their data. As hacking technology has evolved, the threat to businesses of any size or type has spread to supply chains, customers and email contacts so it's advisable to have a response plan. Here our cyber risk experts advise on key aspects to consider when negotiating with a hacker.
Globally the cost of ransomware attacks has rocketed to $20 billion, with one occurring every 11 seconds. In Australia businesses are on notice to be prepared to respond to a cyber security breach at any time.
Entry to your business systems may be via remote access, a hardware or software vulnerability, malicious email or stolen credentials — but the methodology behind 42% of attacks is unknown.
The number of ransomware attacks in Australia last year is estimated to have been between 2500 and 3000. These occur across multiple sectors but attackers do have preferred targets.
1. Professional services 20%
2. Public service providers 15.88%
3. Manufacturing 11.57%
4. Healthcare 11.46%
5. Applied technologies 6.77%
6. Financial services 6.55%
7. Retail 4.86%
8. Critical infrastructure 4.42%
9. Hospitality 0.9%
10. Entertainment 0.59%
11. Pharmaceuticals 0.27%
12. Biotechnologies 0.27%
(Source: Arete cyber incident response services 2022)
Professional services represent almost 20% of Australian businesses sustaining ransomware attacks due to their business model: distributed networks, interconnected entities and remote workers sharing the business systems. They are also sensitive to business downtime because halting operations would be noticeable to their clients.
In terms of value, financial services pay an average ransom of $2.61 million compared to less than $1 million for other sectors, which usually pay between $50,000 and $13,000. The additional costs involved in responding to an attack are also higher for the financial sector (Arete).
Ransom communications from the hacker may be via voice messages, emails or directly to your computer system. They may direct you to a dark web chat room to receive instructions for payment. The data is usually restored on payment of the ransom in bitcoin — otherwise this extortion model wouldn't work.
Ransomware attackers range from highly sophisticated and sometimes state-backed cyber crime organisations through to technically unskilled criminals. Threats may be to destroy, sell or publish the data if the payment deadline is not met. Knowing the identity of the threat actor can inform how to respond to their communications.
Quick question: does your business have access to cryptocurrency — or the amount of the payment? Once a business has received a ransom demand, it needs to decide on next steps: whether it can restore the data from back-ups, whether the sum might be negotiated, whether to refuse to be extorted, and whether there are legal ramifications to paying the attacker. In some cases threat actors may be affiliated with groups subject to sanctions that make payment unlawful, through links to terrorists or human trafficking, for example.
Your business's level of cyber security resilience has a strong bearing on how you respond to a ransom attack. Is your business data backed up so you're able to restore the lost information, for example? Do you have a business continuity plan?
Payment of the ransom could expose your business to governance risks. There are increasing moves towards regulating payment of ransoms especially if they are to criminal actors with links to sanctioned organisations. This issue highlights the importance of conducting due diligence and the role of an informed negotiator.
One of the most valuable provisions of cyber insurance is access to skilled negotiators who may be able to reduce the sum of payment. They may also know of the threat actor and whether they are subject to regulatory sanctions.
Negotiators will try to prolong the bargaining process and beat the demanded price down, but the targeted business needs to have an exit strategy if the attacker refuses to budge.
Attackers usually set a price based on what they believe the victim can pay quickly but their demands may be highly negotiable.
Because responding to a ransomware attack — even without paying a ransom — can destroy a business financially, having insurance that covers the major demands involved is critical.
Crucially, cyber insurance provides expertise and support in a ransomware demand situation, including access to experts in negotiation, forensic investigation and remediation measures, as well as cover for the legal and reputational costs involved.
In addition to cyber insurance protection, our cyber specialism offers expertise, advice and resources for building business
To the extent that any material in this document may be considered advice, it does not take into account your objectives, needs or financial situation. You should consider whether the advice is appropriate for you and review any relevant Product Disclosure Statement and policy wording before taking out an insurance policy. Gallagher's Financial Services Guide is available on request or can be found on our website. We attempt to ensure that the Content is current but we do not guarantee its currency. You should seek legal or other professional advice before acting or relying on any of the Content.