Insurance Company Refuses to Pay $7.5M Crypto Ransom for a "Covered" Event

We’ve talked about cyber insurance. One significant takeaway from our blogs on this subject was to not ignore cybersecurity just because you have cyber insurance. 

This truth was demonstrated in a recent case with luxury British jeweler Graff Diamonds Corp. Graff is reported to have paid $7.5 million in Bitcoin ransom to a Russian hacking gang. The ransom payment followed the hacking gang-leading data on Graff’s highest-profile clients, which included data on the Saudi, UAE, and Qatar royal families. With the risk of the gang leaking even more sensitive client information, Graff paid the ransom, assuming their cyber insurance would kick in and cover the cost.

The payout has sparked a lawsuit as Graff’s insurance company, Travelers, refuses to cover the paid ransom. At this time, Travelers is refusing to comment.

Let Graff’s current situation be an essential lesson for many companies that think purchasing cyber insurance is the singular answer to protecting your organization. Your organization must do more than just buy cyber insurance. What do we mean? 

Here are our takeaways on ransomware and cyber insurance: 

1. Despite some companies’ best efforts, in many cases, ransomware now encrypts faster than organizations can respond. A recent study found that ransomware can encrypt at a rate of 54 GB in 43 minutes. Most companies take an average of 3 days to detect malicious activity. So, while both preventative measures and cyber insurance can help, neither is a sure solution to avoiding a ransomware attack.
2. The prevalence of ransomware is increasing. You are likely sorely mistaken if you think your organization or industry is exempt. Data shows that, following the pandemic, ransomware has risen by 65%. 
3. Ransomware continues to follow a golden rule: pay a little now or a lot later. If you cut corners on investments in cybersecurity prevention, employee training, and in other areas you will suffer the long-term consequences. You will save money in the long run if you regularly invest  as an organization in prevention measures.

PK Tech is founded on the principle of preventive cybersecurity. Our goal is to prepare our clients and refine their protection systems so that attacks can be prevented or caught early in the worst-case scenarios. We work with small to medium-sized businesses in various industries in the Greater Phoenix Area. If we can support your business, contact our team for an assessment. Get in touch here.