Insurance companies must stop issuing policies that incentivize making extortion payments in ransomware attacks.
That advice came straight from the White House following the fourth annual International Counter Ransomware Initiative (CRI) summit in early October. Ransomware is wreaking havoc around the world. Insurance policies covering ransomware payment reimbursements fuel the same criminal ecosystems they seek to mitigate. If insurers stop covering ransomware payments, companies must improve their cyber defenses. Sophos can help organizations do that and will back that promise with a $1 million warranty.
Insurance and Sophos Cyber-Defense Should Work Together
Companies are increasing cyber protection to obtain better insurance, a trend noticed by Sophos this past summer. There is a synergy between the two since insurers want to see robust cyber defense before writing a policy to protect against ransomware attacks. This incentivizes companies to adopt up-to-date cybersecurity solutions to protect their data better.
Companies need to make insurance part of a holistic approach to cybersecurity, according to Sophos. Businesses “can unlock considerable cyber insurance savings while also enjoying wider operational benefits and reduced likelihood of experiencing an attack.” Sophos noted in their Cyber Insurance and Cyber Defenses 2024 whitepaper.
But there are limits. Only one percent of companies said their carriers covered 100 percent of the costs from a cyber attack. Many companies find out the limits of coverage the hard way when damages exceed payouts. This was detailed in Sophos' The State of Ransomware 2024 survey.
The Million Dollar Sophos Promise
The Sophos Breach Protection Warranty steps in where insurance companies fear to tread.
If you use Sophos MDR Complete to protect your customer’s IT system, Sophos will pay response expenses up to $1,000 per breached machine, up to $100,000 ransom payment (as part of the per-device limit), and up to $1 million in total response expenses. This plan is included with any MDR Complete subscription purchases (Flex and Term) through the Sophos MSP network. This warranty is transparent and easy for Sophos partners to understand. The plan has no tiered structures or hidden purchase requirements.
To this day, Sophos has yet to pay out even one dollar in breach protection money for one simple reason: not a single MDR customer has suffered a successful ransomware attack.
The Sophos Breach Protection Warranty costs nothing. But its value is priceless.