惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Apple Machine Learning Research
Apple Machine Learning Research
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
S
Security @ Cisco Blogs
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
Cisco Talos Blog
Cisco Talos Blog
Cyberwarzone
Cyberwarzone
SecWiki News
SecWiki News
Webroot Blog
Webroot Blog
L
LINUX DO - 最新话题
V
Vulnerabilities – Threatpost
T
Troy Hunt's Blog
Cloudbric
Cloudbric
L
LINUX DO - 热门话题
Google DeepMind News
Google DeepMind News
H
Heimdal Security Blog
S
Schneier on Security
NISL@THU
NISL@THU
The Hacker News
The Hacker News
Attack and Defense Labs
Attack and Defense Labs
A
Arctic Wolf
V2EX - 技术
V2EX - 技术
Security Latest
Security Latest
AWS News Blog
AWS News Blog
Scott Helme
Scott Helme
W
WeLiveSecurity
S
Secure Thoughts
Y
Y Combinator Blog
GbyAI
GbyAI
H
Hackread – Cybersecurity News, Data Breaches, AI and More
博客园 - Franky
量子位
人人都是产品经理
人人都是产品经理
雷峰网
雷峰网
K
Kaspersky official blog
P
Privacy & Cybersecurity Law Blog
T
Tenable Blog
The GitHub Blog
The GitHub Blog
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
J
Java Code Geeks
Vercel News
Vercel News
Recent Commits to openclaw:main
Recent Commits to openclaw:main
Schneier on Security
Schneier on Security
云风的 BLOG
云风的 BLOG
小众软件
小众软件
Engineering at Meta
Engineering at Meta
宝玉的分享
宝玉的分享
C
CERT Recently Published Vulnerability Notes
Security Archives - TechRepublic
Security Archives - TechRepublic
C
CXSECURITY Database RSS Feed - CXSecurity.com
P
Palo Alto Networks Blog

Search Security Resources and Information from TechTarget

How to operationalize threat modeling with AI | TechTarget CISO First fully agentic ransomware attack sparks readiness concerns | TechTarget Evaluating secure enterprise browsers vs. security plugins | TechTarget The AI vulnerability storm is here: Is your security program ready? | TechTarget Perimeter to posture: A roadmap to zero trust maturity | TechTarget TLS certificate lifetime changes: What CISOs must do now | TechTarget The agentic AI 8 key aspects of a mobile device security audit program | TechTarget Why mobile security audits are important in the enterprise | TechTarget Beyond the perimeter: The shift to data-centric protection | TechTarget How agentic AI threat intelligence aids NGO cyber defense: Case study | TechTarget How to conduct a mobile app security audit | TechTarget NO FAKES Act advances: What CISOs need to know | TechTarget What CISOs should know about AI runtime security | TechTarget As Q-Day looms, 90% of systems are unprepared for PQC | TechTarget A CISO Most security pros say their culture is Zscaler lays out its vision to secure the AI era at Zenith Live | TechTarget The OpenClaw security risks every CISO needs to know | TechTarget Cloud security metrics and KPIs: A CISO Florida public sector training on SimSpace cyber range: Case study | TechTarget Reporters' Notebook — Focus on Cyber Insurance: How Quantifying Risk Is Reshaping Security It's time to update incident response for the AI era How to build AI security guardrails without blocking innovation The prosecution gap: Why cybercrimes go unpunished AI in cyberdefense: Learning from threat actors' playbooks Top identity and access management risks CISO role changes as cyber-risk appetites in the C-suite grow CISO's guide to data minimization Researchers build autonomous AI worm that can reason and adapt How to secure data at rest, in use and in motion How to find cyber-risk data sources for a FAIR analysis Lost in translation: Cybersecurity board reporting for CISOs How to prepare security controls for future AI regulations EO 14390 raises stakes for enterprise cybersecurity First month of Mythos Preview testing exposes 10K flaws OT attacks shift from recon to physical control, raising stakes For CISOs, dawn of OpenAI Daybreak brings good and bad news Gartner Security & Risk Management Summit 2026: Adapting for AI | TechTarget Inside business email compromise attacks: Real-world examples Verizon 2026 DBIR: 6 key takeaways for CISOs Identity security for AI agents: The proliferation challenge How to build a business impact analysis checklist Taking care of business: The CISO's role in a cyber crisis What CISOs need to know about AI audit logs SOC vs. MDR: What CISOs need to consider Instructure cyberattack reignites ransom payment debate Transform SIEM rules with behavior-based threat detection CISO's guide: How to test an incident response plan How to implement zero trust for AI Data after the breach: Economics of the dark web The breakup: Why CISOs are decoupling data from their SIEMs | TechTarget News brief: Security worries and warnings as AI use expands How to construct an effective security controls evaluation 5 leading enterprise password managers to consider Claude Mythos changes the AI security threat matrix Buyer 6 things to check in your cyber insurance policy fine print How cyber insurance helped with breach recovery -- or not News brief: Critical infrastructure, OT cybersecurity attacks Tape's strategic role in modern data protection Top zero-trust use cases in the enterprise What every CISO should consider before a SIEM migration CISO's guide to centralized vs. federated security models Shadow code: The hidden threat for enterprise IT How to fix cybersecurity's agentic AI identity crisis 5 top SIEM use cases in the enterprise Top 8 e-signature software providers for 2026 How do digital signatures work? News brief: AI woes continue for security leaders Deepfake era demands proof-based security, not just awareness Is SOAR dead or alive? Sort of The push for digital sovereignty: What CISOs need to know Beyond awareness: Human risk management metrics for CISOs Cybersecurity in the age of AI means bigger, faster threats At RSAC 2026, AI optimism and anxiety -- and an MIA U.S. government Inside the SOC that secured RSAC 2026 Conference How to roll out an enterprise passkey deployment How to improve the SOC analyst experience -- and why it matters How contact centers detect and prevent fraud News brief: Iranian cyberattacks target U.S. water, energy CISO checklist: Cybersecurity platform or marketing ploy? RSAC 2026 Conference: Key news and industry analysis | TechTarget Next-generation firewall buyer's guide for CISOs Contact center monitoring best practices for CX leaders Agentic AI's role in amplifying and creating insider risks RSAC 2026 recap: AI security and network security trends Identity security at RSAC 2026: The new enterprise dynamics Meaningful metrics demonstrate the value of cyber-resiliency What to know about red team testing and the law News brief: Iran cyberattacks escalate, U.S. targets named 5 top SOC-as-a-service providers and how to evaluate them Cloud security architecture: Enterprise cloud blueprint for CISOs Contact center compliance checklist for modern workforces How AI caught a malicious North Korean insider at Exabeam Watch your words: Tim Brown's advice for CISOs News brief: U.S. absence at RSAC sparks leadership concerns Network security management challenges and best practices 10 enterprise secure remote access best practices
RSAC 2026: Cyber insurance and the rise of ransomware
2026-04-08 · via Search Security Resources and Information from TechTarget

Richard Livingston

By

Published: 08 Apr 2026

John Kindervag opened his session at RSAC 2026 Conference with a compelling proposition: The advent of life insurance offered a new motivation to commit murder.

The Forrester alumnus, who is widely credited as the creator of the zero-trust security model, and current chief evangelist at Illumio, argued that, while murder has always been part of society, life insurance layered a financial incentive on top of an ancient crime.

Today, he said, that equates to cyber insurance giving digital criminals a lucrative new reason to escalate the decades-old practice of ransomware fraud.

Ransomware evolves

The ransomware age dawned in 1989. An evolutionary biologist, Joseph L. Popp, distributed thousands of floppy disks, labeled as legitimate research software, to attendees of a World Health Organization AIDS conference. Once installed, the program on the disks -- later dubbed the AIDS Trojan -- lay dormant until activated after a predetermined number of system reboots. The malware hid directories and encrypted file names with symmetric encryption, rendering the computer unusable. Victims were presented with a message to send a $189 payment to a P.O. box in Panama to regain access.

As computing and networks have grown more sophisticated, so have the technologies and methods employed in ransomware schemes.

In the early 2000s, basic file-renaming and locking techniques were replaced by asymmetric encryption. Distribution became easier as email attachments and botnets offered new methods to infect systems. Payment, too, became easier as cryptocurrencies provided anonymity without banking oversight. In 2019, extortion became a popular tactic; beyond just encrypting and locking data, attackers now stole it and threatened to publish it or leak it on the dark web.

By the 2020s, innovation had reached breakneck speed, with AI-fueled cyberattacks enabling large-scale, multivector data exfiltration and extortion from even the most secure government agencies and global enterprises.

The dawn of cyber insurance

The cyber insurance industry rose in parallel with greater reliance by businesses on the internet and electronic storage, as well as the growth of emerging cybersecurity threats.

Commercial insurers began experimenting with coverages in the 1990s, offering narrow third-party liability policies covering damage caused by hacker-induced breaches. By the end of the decade, insurers were issuing the first widely marketed cyber insurance policies, covering data breach response and business interruption costs. In the 2000s, more companies began offering products and began selling first-party coverage that insured policyholders and other parties affected by cyber incidents.

The industry has been maturing ever since, expanding product portfolios to include breach notification, credit monitoring, regulatory defense, ransomware negotiation, supply chain coverage and extortion protections. As the threat landscape has become more perilous, premiums have spiked. According to Kindervag, the market has grown 40-fold in the past 20 years and is presently estimated at nearly $21 billion.

The business of it all

According to the "Resilience 2025 Midyear Cyber Risk Report," ransomware-related incidents were responsible for more than 90% of losses in the first half of 2025.

Kindervag was quick to point out that both insurers and ransomware threat actors are motivated by the same thing, relaying a conversation with a cyber insurance executive who explained, "I could deny every claim. I'm not going to do that, because all I have to do is make sure I'm making more money than I'm paying out. It's a business to me. I'm not trying to transfer risk. I'm trying to make money. So as long as the financial equation works, we're going to keep making ransomware policies."

The largest portion of many cybersecurity budgets, Kindervag stated, is dedicated to paying ransomware. In 2018, companies paid about $39 million to have their data released, and within five years, that figure had ballooned to more than $813 million. Even when paying such staggering amounts, it behooves insurance companies to limit the number of riders on their policies, so paying premiums still makes sound business sense for their commercial policyholders.

"For some companies," Kindervag said, "They just consider [ransomware] part of doing business."

How much you got?

With a large, successful industry of commercial insurers willing to pay ransomware demands for their customers, criminals have grown bolder but also more pragmatic. They know insurers are willing to pay and can often determine the coverage amounts enterprises carry through data breaches and other methods. The result is an underground group of ransomware actors who can bypass the negotiation phase when holding data or systems hostage. Rather than engage in time-consuming haggling, they simply ask for the amount they know will be paid to the victim.

"They're coming up and asking you how much money you are getting," Kindervag said. "That's how much we are going to charge you. Not a penny more. They don't want extra. They just want what's coming to them, what's fair in their world. They're a business just like you're a business."

Several years ago, for example, the ransom note sent with Hardbit ransomware read, "If you told us anonymously that your company was insured for $10 million and other important details regarding insurance coverage, we would not demand more than $10 million in correspondence with the insurance agent."

Kindervag summarized the situation, "Ransomware amounts increased 2.8 times if the victims had insurance coverage. Think of that as a data point. The fact that you had insurance increased the amount of money you were going to pay for ransomware."

A policy problem

Kindervag didn't let enterprises off the hook in his session. He attested that bad policy enables ransomware events. When security professionals have poor visibility into systems and controls are in the wrong places, threat actors can gain the access needed to hold companies hostage. If an attacker has a long dwell time to gather the information needed to breach sensitive data, that is simply poor security policy.

Those policies, he argued, have played a significant role in the explosive proliferation of ransomware events. Because the cyber insurance business model does not necessarily reward stringent cybersecurity models, that industry has also been instrumental in the rise of ransomware.

Kindervag advocated strong cybersecurity first. But if security policies are insufficient to stop ransomware attempts, he advised companies not to stand on principle because at that point it's too late. "This is the end of the chain. You failed at the beginning with policy, and now you're paying the price for having bad policy."

Richard Livingston is an editor with Informa TechTarget's SearchSecurity site, covering cybersecurity news, trends and analysis.

Next Steps

What CIOs need to know about cyber risk insurance

How to find cyber insurance coverage

Dig Deeper on Security operations and management