Eighty-one per cent of businesses surveyed have a ransomware coverage limit under $600,000 – or below last year’s median ransomware demand, a new report has revealed.

BlackBerry Limited and Corvus Insurance have released the BlackBerry Cyber Insurance Coverage study, showing businesses are increasingly concerned about how they will meet ransomware demands.

Only 19 per cent of those surveyed have ransomware coverage topping $600,000, while 59 per cent of businesses hoped the government would cover damages when future attacks are linked to other nation-states.

The report said small-to-medium sized businesses, a favourite target of criminals, are especially feeling the heat.

Of businesses with under 1,500 employees, only 14 per cent have a coverage limit in excess of $600,000.

A recent Forrester report estimated that a typical data breach would cost the average organisation $2.4 million to investigate and recover.

Perhaps unsurprisingly, the report says, 50 per cent of SMB respondents hoped the government would increase financial aid in all ransomware incidents.

Shishir Singh, executive vice-president and chief technology officer, cybersecurity at BlackBerry, said: “Not only are there more ransomware threats than ever, but the criminals are more ruthless. They will iterate threats and wait patiently in order to extract maximum damage.

“For uninsured and under insured organisations, this potentially puts them in extreme jeopardy. The cyber underground is increasingly sharing learning and partnering to make threats as efficient as possible.

“It’s vital businesses strengthen their security posture against these threats by supplementing insurance with a prevention-first software approach that lowers their overall risk.”

The report said many businesses reported cybersecurity coverages that are poorly tailored to their current situation.

More than one-third (37 per cent) of respondents are not currently covered for any ransomware payment demands, while 43 per cent are not covered for auxiliary costs such as court fees or employee downtime.

At the same time, the report said, cyber insurance has become harder to get, due to increased software requirements placed by insurance brokers.

Over one-third (34 per cent) of respondents have been denied coverage due to not meeting specific endpoint detection and response software requirements. These increased requirements however may be having a real impact on reducing ransom payouts.

Vincent Weafer, CTO at Corvus, said: “Though it might sound counter intuitive, continuing to adhere to software requirements is one of the best ways to fight the ransomware industry.

“In our portfolio alone, we’ve seen a 50 per cent reduction in the ratio of ransom demands that end up being paid. Better software adoption is a critical element in better positioning organisations to stand up to attackers.”

BlackBerry commissioned Team Lewis Research to run an online survey of 450 business decision makers for IT/security solutions in the United States and Canada. The fieldwork took place between July 15 and 22.