According to a recent report by Microsoft, there's been a 400 percent rise in ransomware encounters affecting Windows since 2015, with older versions of the operating system being more prone to infection. Large companies are often late adopters to new operating systems since they require extensive testing to ensure hardware compatibility, which leaves them prime targets for this form of malware.
Microsoft claims updating to Windows 10 will reduce the risk of a ransomware attack by 58 percent, but a study by Netmarketshare shows that 67.22% of desktops are using Windows 8 or older. Helping your clients prepare for an attack isn't as difficult as you might think.
What is Ransomware?
Ransomware is a type of malicious software designed to block access to a computer system until a sum of money (or ransom) is paid, or some other action is completed. Sometimes it’s as simple as forcing the user to complete a survey. The most common types are lockscreen and encryption ransomware.
Lockscreen shows a full-screen message that prevents the user from accessing their PC or files.
Encryption modifies files so they can't be opened. There is no guarantee that paying the ransom or completing the required action will allow access to the PC or files again. Globally, the US accounts for 50% of all ransomware detections.
What Can Clients Do to Prevent Loss from Ransomware?
- Upgrade to the most recent operating system version to ensure up-to-date security
- Limit employee access to unsafe websites
- Train staff to not open emails and attachments from unknown people
- Train staff not to click on unsafe links in email or social media
- Advise staff to be on the lookout for websites that appear fake or contain misspellings
- Purchase insurance coverage that covers ransomware
Protect Your Clients from Ransomware
Your clietns have a couple of options when preparing for a ransomware attack. The first is to purchase a cyber insurance policy with a broad definition of malware that includes ransomware. Some cyber policies will even expressly offer coverage for extortion threats. The other option is to cover the exposure on a Financial Institution Bond. On some bonds, a kidnapping and extortion provision will include coverage for cyber extortion threats.
To learn how cyber coverage for your clients works, please check out our Network Security and Privacy Liability Coverage. Not a memver of the AmTrust appointed agent team?
Matthew Craven is the product analyst in financial institutions for AmTrust North America, a multi-national property and casualty insurer specializing in coverage for small businesses.
Want to get more policy updates, industry news, and hot tips for growing your agency? Subscribe to our blog below to be the first to know when we publish a new post!
Editor’s Note: This blog was originally published on November 21, 2016 and has been updated and edited.