When hackers ask for ransom... Are you better off paying or not?

Unfortunately, anyone who thought that a well-secured company did not have to worry about cyberattacks is mistaken. The recent ransomware attacks on Belgian companies prove once again that, in the event of a refusal to pay ransom money, well-protected companies can also be shut down for several days. If you can fall back on a sound business continuity strategy and call on internal and external IT specialists, you still have a chance of limiting the damage and restore security. But what if hackers attack your company with ransomware? Chances are you won't have the ransom they'll be demanding from you. And if you do have the amount, do you just pay it or are there other possible solutions? Read more below.

Negotiating with hackers

"We don't negotiate with criminals," was probably your first reaction when you read the introduction. Indeed, most companies will do everything in their power to avoid paying a ransom and will undoubtedly deploy the best IT specialists to work day and night to solve the problem. But you can’t ignore the facts. Moreover, practice shows that paying ransoms usually minimises the damage to organisations and prevents it from getting worse. So, better pay anyway? Yes and no.

SOS Cybercrime Insurance

First of all, the payment of ransom does not guarantee that the hackers will give you the right instructions to make your system accessible again. Secondly, negotiating with hackers is a separate profession. This is precisely why more and more companies are taking out cybercrime insurance. This provides them with the necessary assistance from specialists to lift the hacking and quickly return to full speed. If this is not possible, a professional negotiator takes action to reach a financial settlement with the hackers and the insurance company will eventually pay the ransom. But that's not the end of it.

Ransom is just the tip of the iceberg

Entrepreneurs point out cyberrisks as one of the most important risks (see also the Allianz Risk Barometer) that they must manage in the coming years. The reason is not only the possible ransom they have to pay and the time and resources needed to solve the problem on a technical level. There are many other costs that are inextricably linked to hacking. Think for example of image restoration and the business damage suffered because your activities have been shut down. In addition, if it turns out that data and personal data have been stolen, a number of obligations will be added in the context of the GDPR, not to mention other legal consequences. Fortunately, with a good cybercrime insurance you don't have to pay these costs yourself and you will also receive active guidance from an expert to take all the necessary actions.

"It doesn't happen to me."

We don't doubt that you will do everything possible to make your IT highly secure, but have you already thought of awareness training for your employees? Most cases of cyber damage today have a human cause (clicking on a suspicious link, answering a CEO fraud e-mail, forgetting to close the security gate after an update, ...). And, Once hackers have targeted your organisation, they won’t do their work overnight. They will take their time to find that one hole in your security and then don't hesitate to strike. Traditional company policies do not provide a guarantee for such risks. However, there are cybercrime insurance formulas and several insurers offer special service contracts. A team of specialists will then be ready for you to solve the crisis and get your company up and running quickly at a minimum of cost.

If want to know more, please feel free to contact our experts for an informal meeting.