Defense law firms that work on cyber liability panels can expect to receive an average of $8,600 in legal consultation fees, according to cost estimates from Chubb recently reported in Florida Trend magazine.
Total costs to respond to a cybersecurity claim can be as high as $73,300, according to Chubb, which based its information on an actual claim filed by a car component manufacturer that was struck by a ransomware attack.
What is Ransomware?
Ransomware is a type of malicious software that typically encrypts the target’s data or prevents a network from accessing data necessary to carry out ongoing business and operational functions. The bad actor will then typically demand payment in the form of cryptocurrency in exchange for decrypting the information and restoring the network’s functionality.
These attacks are often carried out via email phishing, in which the malware is delivered to the target’s computer system through a malicious link or an attachment in an email. Because the resulting encryption cripples a business’s operations, victims often give serious consideration to paying the ransom. This scenario has led to a considerable increase in both business interruption and cyber extortion costs.
There is now a newer type of malware called a “banking trojan,” which allows the bad actor to see the victim’s financial information once it enters the computer system. These bad actors are continuously changing their methods and growing more sophisticated in attacks that result in cyber liability claims.
Statistics from the Chubb Cyber Index
- Malware claims, including ransomware, have risen to 18 percent of all cyber claims in 2019, up from an average of 12 percent over the past five years.
- Ransomware accounts for 40 percent of manufacturers’ cyber claims in 2019 thus far.
- Ransomware accounts for 23 percent of cyber claims for smaller businesses (revenue less than $25M) in 2019.
Industries Targeted by Ransomware
Ransomware can strike any public entity or company (and individuals), regardless of industry or size. However, the two industries which are most affected are manufacturing and professional services. Manufacturing accounts for 23 percent of ransomware claims reported to Chubb across all industries. Professional services accounts for 30 percent of ransomware claims across all industries.
It is likely that manufacturers are targeted because it is vital for them to restore operations quickly, so bad actors view them as being more inclined to pay the ransom. Professional services are often targeted in cyber liability attacks because their businesses engage in a high volume of email communications, presenting ample opportunity for malware to be transmitted into the organization.
“By regularly backing up data files and securing those backups offline, properly educating employees, investing in state-of-the-art security and antivirus software, and purchasing a comprehensive cyber insurance policy, businesses can be better prepared and protected no matter the threat,” said a Chubb executive involved in financial lines claims. It is recommended that companies implement multiple layers of preventative measures and have a plan in place for dealing with an attack should one occur.
Chubb further cautions that some ransom demands have grown to the six- and seven-figure range, so it is essential that businesses have a plan in place to respond quickly to minimize risks if and when a cyber liability attack occurs.
About the Author
Roger Jimenez is a certified information systems security professional with more than 15 years of experience in information systems and security management. He serves as DLD Lawyers’ director of IT and security. Roger has a BBA with concentrations in management information systems and marketing and an MS in information technology. Two of his favorite pastimes are making things like sensor-laden, Raspberry Pi-remote-controlled rovers and applications (full stack); and legally breaking [into] things like algorithms and applications. He can be reached at firstname.lastname@example.org