The challenges of cyber-attacks, ransomware, and extortion payments

There are several reasons why IT environments remain vulnerable. On a micro level, companies producing software, operating systems, and applications lack the ability to eliminate all vulnerabilities. For example, the codebase of a modern operating system has become so extensive that changing components carries significant risk.

Every added feature increases the attack surface, making it nearly impossible to guarantee there are no security flaws. Additionally, software companies must continuously modernise the functionality and release new versions to stay competitive, which inevitably introduces new vulnerabilities. 

On a macro level, there are additional challenges. Dominant nations in the IT sector often pursue conflicting goals: they seek security vulnerabilities they can leverage for their own national interests while simultaneously working to eliminate weaknesses in their own IT environments to prevent others from exploiting them. Over time, the flaws deliberately kept exploitable ripple into everyday life, leaving companies exposed to risks that impact both businesses and customers. Currently, these nations tend to prioritise offensive strategies over defensive measures.

Criminals strive for efficiency  

Criminals and organised crime groups operate with a similar mindset to businesses—their aim is efficiency, achieving maximum results with minimal effort and reduced risk. In the cyber arena, ransomware attacks have increased in recent years. Indicators now suggest that attacks on large Nordic companies have plateaued, although they remain at high levels, while attacks on midsize companies continue to rise. One possible explanation is that larger companies have refined their cybersecurity defences, making midsized companies more attractive targets due to their comparatively weaker security. Cybercriminals often operate in countries with weak law enforcement, further reducing the risk of getting caught. This operational environment allows them to execute attacks more effectively, with fewer consequences.

Cyber-attacks and the insurance industry 

Insurance companies offer various services to help businesses recover from cyber incidents. These include incident response and restoration, coverage for business interruption (including incidents at service providers), cyber-crime protection, third-party claims, confidentiality and privacy liability, network security liability, and media liability. However, there is one area that differentiates If Insurance from its competitors. Unlike most insurers, If will not reimburse ransom payments, challenging the prevailing market practice. This decision reflects a strategic stance that prioritises all parties' long-term benefits over some parties' short-term convenience.

Ransom extortion payments exclusion, insurance, and well-informed decisions  

The fundamental reasons for not offering insurance coverage for ransom payments are: 

  • Reducing the incentive for organised crime to engage in extortion.
  • Clarifying ethical responsibility against organised crime.
  • Mitigating legal risks, as ransom payments may breach legislation regarding terrorist financing or sanctions lists.

Paying assumes the blackmailers will fulfil their promises. It has been reported, based on one security company’s data, that only 67.6% of extortionists deliver on their promises, while 20.6% fail to do so.

Source: Palo Alto Networks Incident Response Report 2024 (1)

Addressing common arguments against this approach 

There are often perfunctory arguments against If's stance on excluding insurance for extortion payments. These arguments have several weaknesses, as highlighted in the following counterarguments: 

“When you experience a cyber-attack, you must pay ransom to recover” 

  • There are several ways to resolve a cyber incident involving ransomware without paying the ransom. For example, one security company handling hundreds of cases has successfully avoided ransom payments in all instances. 

“All organisations want ransom payment coverage” 

  • What companies often seek during a cyber-attack is priority access to external professional specialists, including technical incident responders, forensics experts, hostage negotiators, and legal advisors.
  • In several cases, organisations that experienced a cyber intrusion had their cyber insurance policy fall into the perpetrators' hands, making explicit ransomware coverage more of a liability.

“The easiest solution for the organisation is to pay the ransom” 

  • Paying assumes the blackmailers will fulfil their promises. It has been reported, based on one security company’s data, that only 67.6% of extortionists deliver on their promises, while 20.6% fail to do so.1
  • Organisations that pay the attackers are sending the message that extortion schemes work on them, a message which malicious actors could use to justify subsequent attacks and extortion attempts. One security company found that 80% of organisations that paid a ransom demand ended up incurring another attack. Close to half (46%) said it was the same attackers that hit them again, while more than a third (34%) said a different threat actor was probably responsible for the follow-up infection.2
  • Even if the ransom is paid, the problem remains: the attackers retain knowledge of the system’s vulnerabilities and access to the organisation's IT environment and any information in it. They can sell this data or sell entry to third parties, perpetuating the risk.

“No one will know the organisation paid the ransom” 

  • Depending on the payment method, information about the transaction could become traceable and public, exposing the organis

Potential risks of ransomware coverage  

Some customers or brokers might seek maximum coverage without considering the negative implications of certain provisions, such as ransomware payment coverage. This could lead to a false sense of safety, reducing proactive cybersecurity measures and unintentionally contributing to organised crime.

Sources
  1. Palo Alto Networks, Incident Response Report 2024
  2. Cybereason, “Three Reasons Why You Should Never Pay Ransomware Attackers”, www.cybereason.com

Meet our expert

Lars Hedensjö, Cyber Underwriter, If