Ransomware attacks are a major threat to businesses worldwide, with 66% of companies falling victim to these malicious attacks in the last year alone. In response to this growing trend, many companies have started to build a "war chest" of bitcoins as a precautionary measure against future ransomware attacks. Holding bitcoins is becoming an increasingly popular option for companies looking to protect themselves from the financial and reputational damage caused by ransomware attacks.

THIS ARTICLE IS WRITTEN BY CEM ADIYAMAN. CEM ([email protected]) HAS A STRONG FOCUS ON LAW & TECHNOLOGY WITHIN RSM NETHERLANDS BUSINESS CONSULTING SERVICES. 

What about cyber insurance?

Cyber insurance is a type of insurance policy that provides coverage for losses and liabilities that a company might incur because of a cyber-attack or data breach. The purpose of cyber insurance is to protect a company's financial interests in the event of a cyber-incident, such as theft of sensitive information, loss of revenue due to system downtime, and costs associated with restoring the affected systems.

Typically, small businesses can expect to pay anywhere from $50 to $500 per month for cyber insurance coverage, while larger businesses may pay several thousand dollars per month. This fee for cyber insurance is typically calculated based on the estimated risk of a cyber-attack and the amount of coverage required. The insurance company will consider several factors when determining the monthly fee, such as the type of data being stored, the company's level of cybersecurity, and the likelihood of a data breach occurring. The insurance company will also consider the cost of potential losses in the event of a cyber-attack, including the cost of notifying affected individuals, the cost of restoring systems and data, and the cost of any legal or regulatory fines.

In recent years, the amount of data that companies collect and store has increased dramatically. This has made it more important than ever for companies to understand the risks associated with managing their data, and to take steps to protect it from theft, loss, or unauthorized access.

To get a sense of the scale of the challenge, it is estimated that by 2025, the average large company will manage over 170 terabytes of data. This makes it crucial for companies to have robust data management systems and cybersecurity protocols in place to ensure the protection of their data and the privacy of their customers. Add to this the cost of a breach, which on average is estimated to be around $3.86 million globally, per breach. [1]

What are the advantages of paying ransom in Bitcoin?

Paying a malicious person a ransom in Bitcoin in some cases can be seen as having certain advantages over relying on cyber insurance:

  1. Faster Resolution: If a cybercriminal has encrypted an organization's data and is demanding a ransom, paying the ransom in Bitcoin can provide a quicker resolution to the issue than having to go through the claims process with an insurance company. This can be especially important for organizations that rely on timely access to their data.
  2. Reduced Reputational Damage: In some cases, the process of dealing with a cyber-attack and making a claim with an insurance company can be public and damaging to an organization's reputation. Paying a ransom in Bitcoin can be done more discreetly and can help to minimize negative publicity.
  3. No Maximum Payout Limit: Some cyber insurance policies have a maximum payout limit, meaning that if the cost of a cyber-attack exceeds that limit, the organization will have to cover the remaining costs. When paying a ransom in Bitcoin, there is no maximum limit, which can provide a higher degree of financial protection.
  4. (Guaranteed) Decryption: When paying a ransom in Bitcoin, an organization can negotiate with the hacker to receive a guarantee of decryption for their data, which can provide a higher degree of certainty compared to relying on an insurance company to resolve the issue.

It's important to note, however, that paying a ransom in Bitcoin is not a recommended practice and is considered a last resort by most security experts. It can also perpetuate the cycle of ransomware attacks, as hackers see that their demands are being met and continue to engage in these types of attacks. Additionally, there is no guarantee that the hacker will actually decrypt the data once the ransom is paid, and paying a ransom can also potentially subject an organization to legal and regulatory issues.

Closing remarks

While it may not be a "sexy" reason for companies to adopt bitcoin, the fact remains that it is an effective way to guard against the financial losses caused by ransomware attacks. As such, businesses should seriously consider holding bitcoins to prepare themselves for the worst-case scenario.

Having 20 to 30 bitcoins on hand (for bigger companies) in case of a malware attack can provide companies with a more cost-effective solution to mitigate the financial losses associated with a breach. This is because, in the event of a ransomware attack, having bitcoins on hand gives companies the option to quickly pay the ransom demand without having to go through the lengthy and potentially expensive process of restoring their systems from backups or negotiating with their cyber insurance provider. Furthermore, having bitcoins can also help companies avoid the risk of losing all their data and incurring additional costs, such as reputational damage and regulatory penalties.

 

 

[1] This cost includes expenses such as legal fees, regulatory fines, investigation and remediation expenses, customer notifications, credit monitoring, and lost business due to reputational damage.