Dissecting ransomware
culture
Inclusion and Diversity
Corporate Social Responsibility
Team BRIT
Environmental, Social & Governance
Insurance
accident and health
casualty
public and products liability
employers liability
environmental liability
contingency
event cancellation
non appearance
film
prize indemnity
cyber
cpr
xdr
bcap industrial
xdr pro tech
first50
cyber claims
delegated authority
commercial property
flood
financial property
homeowners
small commercial general liability
directors & officers
energy
e-trading
financial institutions
fine art and specie
healthcare liability
marine
cargo
hull and marine war
keel
marine and energy liability
political risk trade credit
political violence / terrorism
political violence/london
private client
home
motor
travel
professional liability
small north american liabilty
north american professional liability london
programs
property
north american open market property
international property
uk property
transportation
Reinsurance
casualty treaty
international casualty treaty/london
north america casualty treaty/london
property treaty
property treaty
property treaty bermuda
Claims
Claims Philosophy
Claims Innovation
Cyber Claims
industries
aerospace
aquaculture, equine and livestock
architects and engineers
commercial
construction
consumer goods
education
energy
events & entertainment
farming and agriculture
financial services
healthcare
municipalities
personal lines
professional services
real estate
religious and not-for-profit
retail
technology
transportation
utilities and industrial
careers
Why join Brit?
our business areas - speaking for ourselves
business area - actuarial
business area - claims
business area - finance
business area - internal audit
business area - operations
business area - risk
news
Brit Group
Brit Global specialty
Brit Global Specialty Bermuda
Brit Re
Camargue
Ki
financials and governance
Financials
Governance
executive & board
Risk
History of Brit
Working with FinTechs and InsurTechs
Fair Value Assessments
brokers and coverholders
leadership
innovation
contact
Complaints
Privacy Notice
Modern Slavery
Terms and Conditions
The latest from Brit

Financials

Results for the year ended 31 December 2023

find out more

news

find out more
Gettyimages 1316011368

news

An interesting look at Ransomware by Éireann Leverett | Co-founder, Concinnity Risks, and Co-author: ‘Solving Cyber Risk’

Ransom and Extortion is an approach to making money through hacking. Other hackers find subtler and more interesting ways to make money like Fin5, or Magecart. Personally, I think hacking for money is gauche, which is why I prefer to do it out of curiosity and for my own understanding.

Extortion has been around since long before hacking or the US dollar. People will try to blame the victim for lack of security or a failure to backup, but this is ridiculous too.  We shouldn’t accuse those targeted by abuse for deserving it. These criminal enterprises really are out to make money without regard to the impact on human life.  Now getting to the intersection of ransomware and insurance, it is clear that negotiating is now a full blown industry. Clearly the ransoms get paid because the losses are assumed to be larger, but how big can the ransoms get?

What makes a ransom large? Most people assume it is the virus itself; how destructive it is, how widely it spreads, how well constructed. Let’s try a thought experiment though: what would happen if you were an elite cyber criminal and deployed ransomware in Cuba. The ransom can’t be more than anyone earns, and while there might be some variance within those earnings, it’s likely to be a pretty flat distribution. If your ransomware were to sample from a normally distributed range of incomes, you would certainly see more variance. Ideally though, you’d want to deploy your ransomware on companies with heavy tailed distributions of wealth. In other words, in a society like ours, where the distribution of wealth can be characterised by powerlaws, one really big score might be more than all the little ones combined!

Now we believe that ransoms alone are heavy tailed, and while there’s more research to be done to confirm distributions, the averages of ransoms fluctuate wildly. So in a nutshell, ransoms ALONE have heavy tails, and if you’re a bigger organisation, you’ll get asked for a bigger ransom. Just because you don’t know who they are doesn’t mean they don’t read your accounts. After all, they already hacked you, you can’t be sure you’ve got any secrets left.

One thing we can be sure of is that the losses are usually bigger than the ransoms. Otherwise it would be mathematically irrational to pay them! The real problem is figuring out the risk and return on investment before you get hit with the ransomware.

Ransomware negotiation: Don’t try this at home

18-03-2024 |Cyber
Read more

Brit launches Brit Cyber First50 to expedite placement of large cyber risks

13-03-2024 |Cyber
Read more

Addressing The Cyber Gap With SMEs

29-01-2024 |Cyber
Read more

Brit - NIS2: What does it mean for cyber security?

30-11-2023 |Cyber
Read more

Why do cyber insurers insist on IT security?

26-05-2023 |Innovation & Insights
Read more
London Footer White

A Fairfax Company

©2024 Brit Group Services. All rights reserved.

We Brit Insurance Services USA, Inc. d/b/a Brit Global Specialty USA, are a service company that is part of the Brit Global Specialty group of companies. We are regulated by state departments of insurance in our capacity as a Managing General Agent. We have authority to enter into contracts of insurance on behalf of the Lloyd’s underwriting members of Lloyd’s syndicates 2987 and 2988 which are managed by Brit Syndicates Limited. This material is intended to provide general information about Brit Insurance’s products and services. It is neither an offer to sell nor a solicitation to purchase any specific insurance product. Coverage may not be available in all US jurisdictions and are subject to legal and underwriting requirements. Any availability is on a surplus lines basis only through duly licensed producers. Inquiries about the products and services described herein should be directed to producers duly licensed in the relevant US jurisdiction.