Hiscox Insurance

    A cyber security expert answers your ransomware questions

    Cyber | Industry Spotlight
    By: Karen Doyle

    Ransomware has been all over the news lately. This particular type of cyber attack has become increasingly visible, and has been blamed for everything from higher gas prices to internet outages. But what is ransomware? Who is vulnerable? And most importantly, how can you protect your small business from the havoc it can wreak? 

    Last year, we sat down with Meghan Hannes, then Head of Cyber and Tech E&O for Hiscox USA. Meghan has been underwriting and managing cyber security and privacy-related risk since 2004. She is a noted author, speaker, and award-winning product head in the cyber insurance space. Here’s what she had to say. 

    Q: What is ransomware?

    Ransomware is a piece of software – or, more specifically, code – that takes control of a victim's computer, making it unusable, sometimes called ‘bricking’ the system. A ransom is then demanded to unlock your computer so you can get back to work. 

    Q: How does ransomware get on my computer?

    In the majority of cases, it’s through phishing. We know from the Hiscox Cyber Readiness Report 2021 that 60% of all ransomware events result from a phishing email. It can be targeted, or it can be what’s called ‘spray and pray,’ where hackers just try a bunch of emails to see where they can infiltrate. 

    Q: Who are these ransomware hackers?

    Hackers can be sole practitioners or part of a larger ransomware ‘gang.’ These gangs operate like any other business, except they work for nefarious purposes. They have office hours, vacation schedules and payrolls, just like any other business. 

    They will also sell ‘ransomware as a service’ software for profit, which enables less sophisticated hackers to get into the ransomware mix. In many cases, these gangs will have thousands – or millions – of dollars in profits to invest back into their operations, which means attacks are likely to continue to increase in frequency and sophistication, as long as there is money to be made. 

    Q: But hackers want big money. So they’re not going to bother with a small business like mine, right?

    Size is relative. If you rely on a supply chain, if you have customers, if you're going to be in any sort of pain because your computer system is down, you should be aware of the risk and take steps to defend against ransomware.  

    Q: What should I do if I get a ransomware demand?

    That’s a really good question, because there are a lot of factors in that decision. First, you don’t know what kind of hacker you have. Once you are hacked, a few different things can happen. 

    You may get a ransomware demand, and decide to pay the ransom. But the hacker is kind of a novice, and they don’t know how to decrypt your data. So you’ve paid the money but you still don’t have your data back. Or, you pay the money, but, since there’s no honor among thieves, the hacker just takes your money and runs, and your data is still encrypted. Or they publicize the fact that you were hacked, and now you’ve got to worry about potential reputational damage on top of it.

    As soon as you realize you’ve been compromised, reach out to your cyber insurance carrier if you have one. You really want to bring in a professional if you get a ransomware demand. That’s where a specialty company with experience comes in. We have partners who do this day in and day out. They know the attack patterns, language – even the common spelling errors in demand notices – of these different gangs. This lets them quickly determine who the attacking gang may be, and what their experience level may be. That information will give a really good indication of whether a ransom demand should be considered. 

    The response, recovery and restoration process is bespoke to every single company. There is absolutely no one-size-fits-all approach here. And that’s why, if all else is left out of the equation, you want to be able to call an expert if this happens to you. If you can call in a forensics vendor, they can sift through the backups to determine what systems are affected and who might be behind it. 

    Q: As a small business owner, what can I do to protect myself?

    There are a few ways that ransomware gets in, but the overwhelming majority of it is phishing, exposed RDP or remote desktop protocol, and brute force attacks. So, let’s look at each of those three and see how you can protect yourself.

    1. Phishing succeeds because of human error. The hacker sends an email that looks legitimate but there’s a link in it that, when clicked, releases malware onto your computer. The way to protect yourself here is to educate your employees. If it looks like a phish, and it smells like a phish, it’s probably a phish, meaning it’s a bad email. So know what a malicious email looks like, and train your staff to recognize one as well.
       
    2. Never expose an RDP to the internet, and consider an extra layer of defense like a VPN (Virtual Private Network) to provide another layer of security. 
       
    3. A brute force attack is when malicious code will just try different combinations of usernames and passwords until it finds one that works. In addition to requiring two-factor authentication, there are software defenses you can put on your system that can thwart a brute force attack. 

    You also need to have electronic backups for important systems, and make sure you can get them up and running in a reasonable amount of time. 

    Q: How does having cyber insurance help?

    It helps in a lot of ways. First, with Hiscox cyber policies, you get access to CyberClear Academy, which is a suite of tools that helps you train your employees on how to avoid an attack in the first place. This is self-paced training that helps you keep your company safe. Next, all Hiscox cyber insurance policyholders have access to Paladin Shield, an AI-powered ransomware solution that reduces phishing susceptibility by 64%. It includes email security, network defense, threat monitoring and more. 

    Plus, in the event of an attack, you have access to a team of first responder specialists who are available to Hiscox policyholders 24/7. It may be your company’s first cyber-attack, but these experts have seen and experienced it all, and they know just what to do to limit the damage. 

    Of course, Hiscox insurance also covers the costs of recovering your data and notifying any affected parties. It can also cover business interruption, or the cost of not being able to operate your business for however long it takes to resolve the situation. 

    The bottom line is that ransomware gangs remain a viable business model, and one that can do harm to your business. So you need to protect yourself, and having comprehensive cyber security insurance is the best way to do that. 

    For more information on cyber security, or to get a quote for cyber insurance for your business, visit Hiscox’s cyber page. 

