How cyber insurance influences the ransomware payment decision: theory and evidence

Cartwright, Anna; Cartwright, Edward; MacColl, Jamie; Mott, Gareth; Turner, Sarah; Sullivan, James; Nurse, Jason R. C.

doi:10.1057/s41288-023-00288-8

Cited by 9 publications

(8 citation statements)

References 36 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Previous research already addressed that insurance does not necessarily increase the probability of ransom payments [7] as was confirmed by our results. Nevertheless, having insurance Likewise, the yearly revenue of a company did not influence the payment decision, but did influence the ransom paid.…”

Section: Discussionsupporting

confidence: 89%

“…A significant subset of victims consists of those who refuse to pay the ransom, as emphasized by [7], [8], [11]. For these individuals, the WTP is effectively zero.…”

Section: Related Work and Hypothesesmentioning

confidence: 99%

“…Cryptoransomware, ransomware for short, is a type of malware that encrypts files, allows victims to regain access upon paying a ransom to the attackers. The surge in ransomware attacks can be attributed to its profitability [7], [11]. Furthermore, [21] highlights that criminals are incentivized to target victims who highly value their data, leading to increased social welfare costs.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Ransomware Economics: A Two-Step Approach To Model Ransom Paid

Meurs,

Cartwright,

Cartwright

et al. 2023

2023 APWG Symposium on Electronic Crime Research (eCrime)

Self Cite

View full text Add to dashboard Cite

Ransomware poses a significant and pressing challenge in today's society. Mitigation efforts aim to reduce the profitability of ransomware attacks. Nevertheless, limited research has analysed factors that influence the size of ransom and willingness of businesses to pay a ransom. This study aims to address this existing gap by conducting an empirical investigation that focuses on the ransom paid by victims. Extending on past research, we analyse 382 ransomware attacks reported to the Dutch Police and/or handled by an Incident Response (IR) company. One challenge of modeling ransom payments is the large proportion of victims who did not pay, which leads to zeroinflation. We tackled this problem by employing a hurdle model, which effectively deals with zero-inflation by capturing ransom paid as a two-step decision-making process: first, victims decide whether to comply with the ransom demands, and if they choose to do so, they then need to determine the acceptable ransom amount. The results indicate that the presence of backups and the decision to go to an IR company play a pivotal role in the decision whether to pay the ransom or not. In addition, our findings identify insurance coverage, data exfiltration, and annual revenue of the victim as key determinants affecting the ransom amounts. Specifically, having insurance results in ransoms that are 2.7 times larger, data exfiltration corresponds to a 4.4 times increase in the ransom, and each 1% increase in a victim's yearly revenue causes a 0.12% rise in the ransom paid. In concluding our paper, we present practical policy recommendations that take into account the two crucial decision-making steps outlined in our study, focusing on data exfiltration and insurance.

show abstract

Section: Discussionsupporting

confidence: 89%

“…A significant subset of victims consists of those who refuse to pay the ransom, as emphasized by [7], [8], [11]. For these individuals, the WTP is effectively zero.…”

Section: Related Work and Hypothesesmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Ransomware Economics: A Two-Step Approach To Model Ransom Paid

Meurs,

Cartwright,

Cartwright

et al. 2023

2023 APWG Symposium on Electronic Crime Research (eCrime)

Self Cite

View full text Add to dashboard Cite

show abstract

“…We remark that our paper adds to a growing literature using game theory to analyse the ransomware decision process [4,5,9,13]. Prior game-theoretical studies have focused on the interaction of ransomware and victim's decision to invest in security measures like backups or insurance [2,32,36,38].…”

Section: Introductionmentioning

confidence: 91%

“…The victim then chooses whether to pay the ransom or not. To simplify the analysis we assume an ultimatum bargaining game in 4 The attacker could choose any ransom above 0 for any combination of both own type and signal. So, suppose, more generally, we denote by R S DE , R which there is no opportunity for negotiation.…”

Section: Signaling Gamementioning

confidence: 99%

Double-sided Information Asymmetry in Double Extortion Ransomware

Meurs,

Cartwright,

Cartwright

2024

Preprint

Self Cite

View full text Add to dashboard Cite

Double extortion ransomware attacks are a form of cyber attack where the victims files are both encrypted and exfiltrated for extortion purposes. There is empirical evidence that double extortion leads to an increased willingness to pay a ransom, and higher ransoms, compared to encryption-only attacks. In this paper we model two important sources of assymetric information between victim and attacker: (a) Victims are typically uncertain whether data is exfiltrated, due to for example misconfigured monitoring systems. (b) It is hard for attackers to estimate the value of compromised files. We use game theory to analyse the payoff consequences of such private information. Specifically, we analyse a signaling game with double-sided information asymmetry: (1) attackers know whether data is exfiltrated and victims do not, and (2) victims know the value of data if it is exfiltrated, but the attackers do not. Our analysis indicates that private information substantially lowers the payoff of attackers. In interpretation, this suggests that private information is valuable to victims and a means to reduce incentives for criminals to pursue ransomware.

show abstract

Overlay Security: Email and Social Media

Nielson

2023

Discovering Cybersecurity

View full text Add to dashboard Cite

How cyber insurance influences the ransomware payment decision: theory and evidence

Cited by 9 publications

References 36 publications

Ransomware Economics: A Two-Step Approach To Model Ransom Paid

Ransomware Economics: A Two-Step Approach To Model Ransom Paid

Double-sided Information Asymmetry in Double Extortion Ransomware

Overlay Security: Email and Social Media

Contact Info

Product

Resources

About