Skip to Main Content

Targeted and systemic ransomware need to be differentiated for progress in cyber


While targeted ransomware usually only affects individual companies, certain events can be correlated in terms of when and how they experience loss, which is important to factor into cyber risk modelling.

Cyber Risk Navigator uses a network of sensors that collects data from around 80 percent of internet traffic, monitoring inbound and outbound IP traffic to see if any data is transferring to or from any blacklisted IPs.

Over the course of the past few years, hackers have found similarities in vulnerabilities of comparable companies or industries and used these to their advantage. According to antivirus software company Emsisoft, as many as 113 government entities, 1,681 schools and colleges, and 560 healthcare facilities fell victim to ransomware attacks in 2020.1

These insights were shared on a webinar and product demo of Cyber Risk Navigator, discussing some of the pitfalls in the cyber insurance landscape, and how to model them. The discussion was part of Verisk’s Cyber Monday Series.

Targeted vs. systemic ransomware

Targeted ransomware is an event that impacts a single company at a time. In many, if not most cases, the bad actors have a pretty good understanding of what they are going after. They are likely quite familiar with the company and may know what types of data they will try to collect. These events can be correlated, meaning bad actors can target several companies with similar characteristics during a single campaign.

Conversely, systemic ransomware has the potential to impact multiple organisations at a time from a single attack. While it can cause widespread disruption and loss to many companies, these events are unlikely to involve data exfiltration as the bad actors involved generally lack the resources or knowledge to navigate individual victim’s networks to locate business-critical data, as they may not even know which organisations are impacted by the event.

One key difference between targeted ransomware and systemic ransomware is that there is a higher chance of data breach occurring with targeted attacks. Subsequently, with business-critical data compromised and knowledge of a company’s ability or appetite to pay, ransom demands with targeted attacks are likely to be much higher, often demanding hundreds of thousands or millions of dollars.

Gaining insights into potential attacks through cyber risk modelling

Targeted ransomware is one of the latest additions to Verisk’s Cyber Risk Navigator, our newly released cyber risk modelling platform. It accounts for the higher correlation of targeted ransomware events relative to other event vectors, along with the higher ransom demands associated with this peril.

Once a vulnerability has been discovered that allows hackers to get into a system or network with one of these events, they will likely exploit it in all other companies that have such vulnerabilities. The Cyber Risk Navigator looks at companies’ firmographic and technographic ratings, which directly impact these event probabilities. If a company is found to have botnets, exploits, or a bad patching cadence, for example, there is evidence that bad actors are either already in or will have an easier time getting in.

The Cyber Risk Navigator uses a network of sensors that collects data from around 80 percent of internet traffic, monitoring inbound and outbound IP traffic to see if any data is transferring to or from any blacklisted IPs. The data is collected unobtrusively and used to help build risk scores in the model.

Verisk offers a full suite of cyber solutions that can help underwriters accurately identify their exposures across the entire cyber risk spectrum. The Cyber Risk Navigator models everything from individual events, such as lost or stolen devices and system failure, all the way to large-scale aggregation events, such as systemic ransomware and cloud, email or content delivery network (CDN) outages.

To learn more about how Cyber Risk Navigator can help you identify risk, understand the impact to your portfolios, and estimate potential loss, please watch our Verisk Cyber Monday session on demand.

You can also watch any of the previous webinars in Verisk’s Cyber Monday Series.

Scott Stransky

Scott Stransky is vice president, director of cyber modelling, at Verisk. He can be reached at

Pamela Eck

Pamela Eck is a senior cyber risk consultant at Verisk. She can be reached at

You might also like

Visualize Subscribe

Get the best of Visualize!

Get the latest news and insights straight to your inbox.

Subscribe now

  1. The State of Ransomware in the US: Report and Statistics 2020, Emsisoft,<>, accessed 4th June, 2021

You will soon be redirected to the 3E website. If the page has not redirected, please visit the 3E site here. Please visit our newsroom to learn more about this agreement: Verisk Announces Sale of 3E Business to New Mountain Capital.