The COVID-19 pandemic has caused a massive shift in the way organizations do business and the way their employees do their work, but, as is often the case, this shift has brought about an increase in cybersecurity risks, which should not be overlooked. Much of this increased risk comes from the rise of ransomware attacks. According to one of the largest cyber insurance providers in North America, approximately 41% of cyber insurance claims in the first half of 2020 are attributed to ransomware attacks. While one can be forgiven for thinking that cybersecurity is only a concern for large corporations, that is far from the case. The malicious actors behind ransomware attacks do not discriminate. It is a problem that affects organizations large and small in various industries including health care, government, construction, manufacturing, legal, and education, to name a few. Despite this increased risk, cybersecurity companies report that more than a quarter of small businesses have no plan to mitigate a ransomware attack.

For the uninitiated, ransomware is a type of malicious software that is embedded into a computer system through a variety of different methods. It encrypts the data on that system, potentially rendering that system, and any other systems that rely on that data, inoperable. The ultimate goal of the malicious actors is to extort money, a ransom, from the victim by offering to restore the computer systems upon payment. Victims can either pay the ransom or deal with the fallout; many, at the suggestion of their cyber insurance carriers, opt to pay the ransom.