Canadian Underwriter

Organizations more willing to pay ransom for this type of data breach

November 18, 2022   by Alyssa DiSabatino

A virtual screen shows the words intellectual property, along with a lightbulb, padlock, target, megaphone and other various icons

Print this page Share

Ransomware is out, intellectual property data exfiltration is in.

At least, that may be the bigger concern for breached companies these days, cyber experts warned in a Gallagher Talks presentation. 

Organizations are less likely to pay a ransom when their confidential information has been breached, but are increasingly more concerned —and more willing to pay — when their intellectual property has been exfiltrated, said Peter Keryakes, assistant vice president of Eastern Canada, and manager of North America financial lines at Chubb. 

Cyber criminals are making money by selling intellectual property on the dark web or to the breached organization’s competitors, he said. 

“What we’re currently seeing is that organizations are not necessarily paying if there’s a breach of confidential information, but more so if it’s intellectual property. So, the trade secrets an organization has could bring a competitive advantage to one of the organizations that are willing to pay for that type of data, as it is so important for the core business of the organization.”  

One big concern is that a full 90% of organizations found evidence of data exfiltration only after cyber criminals claimed in a ransom note that they committed the data theft. 

“What’s concerning there is that [cyber criminals] may not necessarily be getting into your system and encrypting it and making you buy an encryption key. They may just be taking the data out without even bothering to shut down your system and threatening to release it,” said Paige Cheasley, team leader and account executive of the knowledge-based economy division at Gallagher GPL. She was citing figures from Baker Hostetler’s 2020 Data Security Incident Response Report. 

Plus, the average time it takes for organizations to identify a breach is about 200 days, on top of another 70 days that it takes to contain the breach. That means organizations are taking almost three-quarters of a calendar year to respond to cyber incidents, according to Ponemon’s 2022 Cost of a Data Breach Report. 

“This trend has not improved, really, in the last six years,” Cheasley observed between 2016 to present. “It’s concerning for the insurers because that’s a long period of somebody sitting in your system, potentially.” 


Feature image by