How to deal with ransomware when data is held hostage

Educate yourself on the complexities of ransomware, and the importance of selecting a cyber insurance carrier that provides the coverages you may need.

A screen that says "System HACKED"

No organization, school, or business is immune to the risks of ransomware attacks. Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid. Today, businesses suffer ransomware attacks every 40 seconds.

Two companies decide not to pay a ransomware demand, but result in different outcomes.

Example #1:

Cyber thieves claimed responsibility for an attack on a software company and demanded $70 million to restore customer information. In response, the software company did not pay the ransom and, instead, developed a patch which allowed them to unencrypt the data and restore it to their customers.

Example #2:

A dental laboratory’s data was hacked and held for ransom. The lab also did not pay the ransom and, instead, took steps to prevent all outside access to email, internet, and other main areas of its computer network. This decision, while preventing thieves from profiting from the illegal activity, resulted in chaos for the lab. For weeks, access to patient records, patient appointment schedules for dental needs, and employee payroll information were not accessible. This lack of access caused the dental office to lose an estimated $500,000 in revenue; not to mention the goodwill of their patients and employees.

Should you pay ransomware?

As detailed in the examples above, there are no clear answers regarding the question of if a company should pay ransom or not; however, one thing is certain – without expert assistance, paying or not paying could prove costly.

How to protect yourself if you’re attacked by ransomware

Businesses purchase property insurance with the thought that if they are broken into, their insurance policy will take care of the property. This manner of thinking should remain the same with confidential data. Purchasing Cyber Security Insurance coverage provides peace of mind knowing that if customer information is stolen, it’s covered with a cyber insurance policy, and expert assistance from your insurance company is provided. Below is a list of the coverages you should look for when selecting a cyber coverage insurance provider.

Data Compromise Response Expenses

Pays policyholders for forensic IT, breach notification, credit monitoring and case management services, legal counsel, PR services, reputational harm, reward payments, regulatory fines and penalties, and PCI assessments, fines and penalties.

Computer Attack

Pays for data restoration, data recreation and system restoration costs due to a computer attack that damages data and/or software; includes business interruption, PR services, reward payments, and future loss avoidance coverage for improvements to a computer system after a computer attack.

Misdirected Payment Fraud

Pays for direct financial loss resulting from criminal deception using email, facsimile, or telephone communications to induce a policyholder, or a financial institution with which an insured has an account, to send or divert money, securities, or tangible property.

Computer Fraud

Pays for direct financial loss resulting from an unauthorized system access to transfer money from the policyholder’s premises or bank to another person or place.

Telecommunications Fraud

Covers payments owed to a telephone service provider resulting from a fraudulent charge caused by an unauthorized access to the policyholder’s telecommunications system.

Identity Recovery

Identity theft services for business owners; case management and expense reimbursement for out-of-pocket costs, legal expenses, lost wages, and child or elder care.

Privacy Incident Liability

Third-party coverage for suits brought by affected individuals or for judgments brought by states or regulatory agencies.

Network Security Liability

Covers policyholders’ settlement and defense costs for suits alleging a policyholder’s computer security negligence.

Electronic Media Liability

Covers a policyholder’s settlement and defense costs for suits alleging copyright or trademark infringement, defamation of a person or organization, or violation of a person’s right to privacy.

Looking for more information about cyber security?

Ask your SECURA independent insurance agent for more information about our Cyber Security Insurance coverage, or find an agent near you.

©2022 The Hartford Steam Boiler Inspection and Insurance Company. All rights reserved. This document is intended for informational purposes only and does not modify or invalidate any of the provisions, exclusions, terms or conditions of the policy and endorsements. For specific terms and conditions, please refer to the coverage form. Coverage subject to applicable deductibles and limits in the policy.

Find an agent

Our independent agency partners will help you compare coverages and share industry insights as you shop for the right insurance policy for your needs.

Related articles

How to talk to employees about cybersecurity

As a small business owner, your employees are the first line of defense in preventing a cyberattack. It’s important to talk to your employees about cybersecurity and what to do if something happens.

Create a cyberattack response plan for your small business

Cyberattacks can be devastating for a small business owner. It’s important to create a Cyber Incident Response Plan ready in case your business should fall victim to a data breach.

How to prevent a cyberattack

Preparing to protect your business against a cyber-attack should always be on your check list.

Coverages may not be available in all states. Coverages described are subject to all the terms and conditions of the policy, including deductibles, exclusions, and limits of liability. Not all agents are authorized to write all types of insurance. Policies may be underwritten by SECURA Insurance Company or SECURA Supreme Insurance Company, affiliated companies referred to collectively as SECURA Insurance Companies. Please read the policy carefully. Any claim example is for educational and informational purposes only. The information in this document will not be used to determine the coverage of an actual claim presented. All claims are adjusted based on the relevant facts, conditions and coverages at the time of loss. For specific terms and conditions, please refer to your coverage form. Coverage is also subject to applicable deductibles and limits of coverage.

The information provided by SECURA on its Website (the Site) is for general informational purposes only. All information on the Site is provided in good faith, however SECURA makes no representations or warranties of any kind, express or implied, regarding the accuracy, adequacy, validity, reliability, availability, or completeness of any information on the Site. The information contained on the Website is to the best of our knowledge true and accurate at the time of publication, however it is generally to be used solely for informational purposes. The materials on this website are not guaranteed to be correct, complete or up to date. You should not act or rely only on information on this website.

The Site may contain (or you may be sent through the Site links to other websites or content belonging to or originating from third parties or links to websites and features in banners or other advertising. Such external links are not investigated, monitored, or checked for accuracy, adequacy, validity, reliability, availability or completeness by SECURA. SECURA DOES NOT WARRANT, ENDORSE, GUARANTEE, OR ASSUME RESPONSIBILITIES FOR THE ACCURACY OR RELIABILITY OF ANY INFORMATION OFFERED BY THIRD-PARTY WEBSITES LINKED THROUGH THE SITE OR ANY WEBISTE OR FEATURE LINKED IN ANY BANNER OR OTHER ADVERTISING. SECURA WILL NOT BE A PARTY TO OR IN ANY WAY BE RESPONSIBLE FOR MONITORING ANY TRANSACTION BETWEEN YOU AND THIRD-PARTY PROVIDERS OF PRODUCTS OR SERVICES.


SECURA would like to remind you that the data contained in this website is not necessarily real-time or accurate.

SECURA and any provider of the data contained in this website will not accept liability for any loss of damage as a result of your reliance on the information contained within this website.