Paying a ransom is a phenomenon most of us are familiar with. An extortionist (criminal) obtains something of value—by force or violence—from a person or company (victim). Afterwards, they demand that the victim pay a ransom (a sum of money) in order to reclaim what has been stolen.

In today’s digital world, cyber extortion is when a hacker steals data or precious information, then demands compensation to return whatever they’ve stolen. Oftentimes, they take control of a company’s systems. If the company doesn’t pay, the hacker will delete all of its data. And given that cyber extortion is an actual job that can pay up to $360,000 per year, companies are now creating safeguards in case a ransomware attack happens to them.1

But aside from optimized security infrastructure, how do they limit the fallout? The answer: ransomware insurance.

What is ransomware?

Ransomware is a type of malicious software that, once it infects a device, won’t allow anyone to access the computer until a ransom is paid. Usually, it reaches a device by way of a phishing email (fraudulent email), a malicious link, a booby-trapped image, an ad, or an infected website.

Typically, the malware installs itself silently, without the user’s knowledge. Afterwards, depending on the sophistication of the malware, the user might see a pop-up with instructions on how to buy a decryption key to regain access to their files. Other times, the user won’t be able to access the computer system at all once a ransomware attack has occurred.

A rising threat

Given that phishing emails and digital scammers are on the rise, the idea of being hacked doesn’t just make for a good thriller. Today, businesses of all sizes are at risk of cyber crime. Unfortunately, given the skill of some hackers, the consequences can be devastating. And while ransomware campaigns are seeing a sharp decline, they’re also becoming more targeted and consequential.3

What is ransomware insurance?

Ransomware cyber insurance, also known as cyber extortion coverage, is typically an add-on to a cyber liability policy. Essentially, it’s a subset of an overall cyber policy, with conditions that vary from insurer to insurer and business to business. Remember that, given the nature of ransomware, these policies are not one-size-fits-all.

Instead, they hinge upon a company’s specific risk profile, which varies drastically with its ransomware exposure. Still, most insurance policy options will provide coverage for some or all of the following:

  1. The ransom – This is the sum of money that a company or individual needs to pay to the criminal in order to regain control of their system or data. Depending on the policy, this might also include the hardware that an extortionist compromised.
  2. Extortion expenses – From the money it costs to rebuild infrastructure and travel expenses to the losses incurred due to a system breach, ransomware insurance will typically help cover the costs associated with the event. At times, the cost of rebuilding and repairing, plus the lost revenue, exceeds that of the ransom itself.
  3. Repairs – Cybercriminals are nefarious. Even if a ransom is paid, it’s never guaranteed that the system will be handed back (let alone in the condition it was in before). This means that even after a ransom is paid, a company might still have to pay for the damage caused by the ransomware. Many ransomware policies will help cover losses and the money needed to rebuild (or replace) programs, infrastructure, and data.

Insurer permission: It’s important to note that the actual ransom (typically) needs to be approved by the insurer. This means the policy will state that the company or individual needs to seek permission before paying a ransom. If the insured goes ahead and pays the ransom, then tells the insurer about it afterwards, the insurer will likely exclude coverage.

What is cyber liability coverage?

Cyber liability coverage is the umbrella policy that ransomware insurance is attached to. Typically, it includes both first-party and third-party coverage in the case of a data breach (other criminal cyber events can be included, too). But what does this mean?

First-party coverage – This includes insurance coverage for losses experienced by the company or individual that was breached. This could be anything from paying a ransom or covering repair costs to being sued by a client over the consequences of a cyber event.

Third-party coverage – This part of the cyber policy covers losses sustained by the customers, clients, or other third parties affected by the cyber breach. For instance, if customers were to file claims against a company that was compromised, this would help cover the associated costs.

Ransomware is rarely its own form of coverage. It’s almost always an add-on to a cyber liability policy. It’s included in the “first-party coverage” bracket.

Tips for protecting against ransomware attacks

The reality is that many small businesses think “this could never happen to us.” But small businesses are just as much at risk from cyberthreats, if not more so. With that in mind, a few tips for protecting your company:

  1. Run an IT audit – Invest in an audit and have an IT consultant identify areas of vulnerability. From there, you can build out security infrastructure to ensure the gaps are filled.
  2. Train your staff on email security – Employees and contractors are the biggest culprits when it comes to data breaches.4 Why? Because they click through emails unknowingly. By training your staff on email security, they’ll be on the lookout for potential phishing scams.
  3. Back up your systems offline – If there’s a way to back up your data and systems offline (on a local server) with encrypted access, this could be your saving grace if a data breach were to occur.

The more you’re prepared for a data breach or cyber attack, the more secure your company is. While ransomware insurance can help mitigate the financial consequences of a data breach, preventing the situation outright should always be the number one goal.

Insurance coverage for businesses

In addition to being protected from ransomware, does your business have general liability insurance and professional liability insurance? Here at Thimble, we help protect small businesses from third-party claims of:

  • Non-employee bodily injury
  • Personal and advertising injury
  • Property damage
  • Professional negligence

We’re able to make insurance affordable by tailoring our policies to you. Choose coverage by the hour, day, or month, and rest assured that our insurance works when you do and saves you money when you’re off the clock. Our mission is to make insurance simple—not only when purchasing a policy, but when learning about coverage too. We’re your one-stop resource for all things insurance, made simple.

  1. CPO Magazine. New Reports Show Just How Profitable Cyber Extortion Can Be.
  2. HEIMDAL Security. The Rising Threat of Business Email Compromise (BEC) and How to Stay Safe.
  3. CNN Business. Yet another company has been hit by a ransomware attack.
  4. Red Team Secure. Danger In Your Ranks: 7 Times Employees Caused Damaging Data Breaches.