Skip to Main Content

No longer business as usual: The consequences of a ransomware attack

Imagine waking up one morning to find your business is the latest victim of a ransomware attack. Increasingly, this crisis scenario is becoming an unfortunate reality for organizations worldwide. The severity and frequency of ransomware attacks are on the rise, making ransomware one of the most urgent issues facing insurers today.

Targeted And Systemic Ransomware Need To Be Differentiated For Progress In Cyber

Protecting yourself (and your business) with good cyber hygiene is the first defense to help prevent a cyberattack, but no organization is immune from cyber risk.

Ransomware is a form of sophisticated malware, where cybercriminals encrypt devices, data, or entire systems, and hold them in exchange for ransom. The following narrative is one fictitious example of a targeted, correlated ransomware attack that shows the dire circumstances that can potentially occur due to such an event.

The attack:

A cybercrime network orchestrates a ransomware campaign against six major airlines simultaneously, infiltrating their network by exploiting a vulnerability in a commonly used cloud server. The cybercriminals manage to access the cloud data and begin mining for more information to broaden the scope of their attack.

Ultimately, the cybercrime network manages to infiltrate major communication systems, employee and customer data, and financial data for four of the six airlines at once. The cybercrime network contacts the four targeted airlines to inform them of the attack and provides instructions to contact their ransomware as a service (RaaS) provider.

The response:

Separately, each airline contacts the authorities, their insurance companies, and the RaaS provider to begin negotiations.

Due to safety and security concerns, the airlines are forced to ground their planes, and the reputational scrutiny is intense as news of the correlated attack grows.

The depth and magnitude of the attack are unprecedented. With planes grounded from four airlines, the supply chain is interrupted, causing downstream supply chain and logistical bottlenecks that cause massive business interruption losses for the airlines and the companies that rely on their services. Each of the four airlines, helpless without access to their systems, after a long period of downtime and experiencing increased public pressure, elect to pay the ransom demand.

The effects on the insurers:

Two of the victimized airlines are insured by the same insurance carrier, while the other two are insured by two other companies. The insurer with two airlines in their portfolio uses high-quality cyber risk analytics, which better prepares them to understand their sources of aggregation and therefore designed an appropriate reinsurance program to manage this unexpected loss. The insurers that did not use high-quality cyber risk analytics face challenges as they are unaware of the true depth of their risk and did not accurately price to exposure. Those insurers increase rates, and ultimately dissatisfied customers relocate their business.

Keep the crisis from becoming a reality

This fictional narrative is a crisis that all organizations can learn from, especially as ransomware becomes a substantial threat and cybercriminals become more sophisticated and aggressive in their attacks. Protecting yourself (and your business) with good cyber hygiene is the first line of defense to help prevent a cyberattack, but no organization is immune from cyber risk.

Learn more in our latest whitepaper, “Ransomware: No longer business as usual.”

Bethany Vohlers

Bethany Vohlers is vice president of Verisk Cyber Solutions and can be reached at

Visualize Subscribe

Get the best of Visualize!

Get the latest news and insights straight to your inbox.

Subscribe now

You will soon be redirected to the 3E website. If the page has not redirected, please visit the 3E site here. Please visit our newsroom to learn more about this agreement: Verisk Announces Sale of 3E Business to New Mountain Capital.