Real-world recovery: The role of cyber insurance in ransomware resilience

Partner | Oct. 22, 2024 | 6 minutes | By Siddick Elaheebocus

Cyberattacks, particularly ransomware, have become one of the most pressing threats to organizations today. As businesses increasingly rely on cloud-based platforms like Microsoft 365, they are exposed to new risks. Having a solid backup strategy is critical, but as cyberattacks evolve, companies must also consider additional layers of protection, such as cyber insurance.

In this article, I’ll share how INNOVISION helped one of our clients navigate a serious cyberattack, and how cyber insurance complemented their recovery efforts to build true resilience.

INNOVISION and our role in cloud resilience 

As the founding CEO of INNOVISION, I’ve spent years helping businesses across the globe enhance their data protection strategies. INNOVISION, headquartered in French Polynesia with a business footprint in Mauritius, New Zealand, and France, works with an ecosystem of handpicked partners to provide cutting-edge SaaS data protection solutions.

As an elite partner of Keepit, we have been able to support businesses in regions like the South Pacific, Caribbean, Indian Ocean, and Africa, ensuring they are prepared to face the digital challenges of today.

Recently, one of our clients — a cloud-only company operating in a highly sensitive sector — suffered a ransomware attack that compromised their Microsoft Entra ID (formerly Azure Active Directory). Due to the confidential nature of the case, I can’t disclose their name or industry, but what I can share is how the combination of Keepit’s backup solutions and cyber insurance played a critical role in their recovery. 

Understanding the importance of backup and insurance 

The cyberattack that hit our client was sophisticated. Administrative accounts were compromised, user accounts were deleted, and sensitive data was almost exfiltrated. While our team quickly identified the impacted areas and restored the compromised accounts by using Keepit, significantly reducing downtime and the impact of the attack, we also recognized early on that recovery tools alone don’t protect the business from all financial losses.

Cyber insurance came into play when the customer needed to navigate the legal and financial implications of the breach. While backups helped restore data, maintain operational continuity, and greatly mitigate the impact of the attack, the cyber insurance policy covered the costs associated with the incident — from forensic investigations to legal fees and regulatory penalties. This case highlights the importance of a multifaceted, diversified cybersecurity strategy which focuses on layered defenses.

How cyber insurance and backup systems come together 

Many organizations believe that having either cyber insurance or backup and recovery systems alone is enough to protect them from cyberthreats. However, incidents like ransomware are not just about data loss or financial losses; they involve significant costs together with data loss and service interruptions that can cripple a business.

In our client’s case, the insurance policy covered the costs of the incident response team that helped them understand the full scope of the attack — this is where cyber insurance added another layer of security. It also helped cover the regulatory fines that followed, as the company operates in a sector where data protection and compliance are paramount. Without the financial buffer provided by insurance, the client would have faced severe financial hardship, despite having a robust backup solution in place.

Additionally, cyber insurance required the client to show evidence of their cybersecurity practices, including their backup strategy. This requirement forced the company to continuously improve their resilience efforts. Keepit’s ability to demonstrate compliance with key data protection standards became a valuable asset during the insurance claim process, as it proved that they had taken necessary precautions before the breach.

Insurance is a safety net, not a replacement for preparedness

While cyber insurance can mitigate the financial impact of an attack, it should never be seen as a replacement for having strong cybersecurity measures and a comprehensive backup strategy. In fact, most cyber insurers will require businesses to demonstrate their preparedness before issuing a policy. This includes everything from encryption standards to immutable backups and geographic redundancy. You can read more about insurability controls and cybersecurity frameworks in an article by Keepit’s CISO, Kim Larsen.

In our client’s case, their insurance claim would not have been successful if they hadn’t been able to prove that they had proper data protection systems in place. Keepit’s advanced features — such as its ability to store historical logs and perform seamless identity and data recovery — were instrumental in demonstrating that the company had the right precautions in place before the breach occurred.

Cyber resilience: A multi-layered approach 

This experience taught both us and our client that true cyber resilience is a combination of proactive and reactive strategies. The proactive side is all about preparing for the worst with robust backup and cybersecurity measures. The reactive side is having the financial safety net that cyber insurance provides, as well as fast data restore, so when an incident does occur, businesses can recover without significant financial harm.

Our client learned that even with strong recovery tools in place, cyber insurance was crucial to navigating the financial aftermath of the attack. The combination of these two strategies — backup and cyber insurance — ensured that they could restore their operations quickly while mitigating the long-term financial impact. 

Conclusion: Preparing for the inevitable 

In today’s threat landscape, the question is no longer if an attack will occur, but when. Having a robust backup strategy is essential for operational resilience, but cyber insurance plays a key role in protecting the business from the financial impact of these incidents. As ransomware and other forms of cyberattacks continue to evolve, organizations must adopt a multi-layered approach to cybersecurity, with backup and recovery systems serving as the last line of defense.

At INNOVISION, we encourage all of our clients to invest in both comprehensive backup solutions, like Keepit, and a reliable cyber insurance policy. Together, these tools can ensure that when the inevitable happens, businesses are not just able to recover their data but survive the financial fallout of an attack. 

 

This article is part two of a two-part series sharing a real-world customer story on cyber resilience. In part one, we explored how SaaS backup solutions helped the same company recover quickly from a cyberattack. Read part one entitled "Real-world recovery: SaaS data backup as the cornerstone of cyber resilience."

 


Siddick Elaheebocus is a quadrilingual technology strategist, trainer and speaker with more than 20 years of multi-role experience within the IT industry at international level. Siddick is the founding CEO of INNOVISION, a multiregional IT solution aggregator and a long-standing Elite partner of Keepit for the South Pacific, Indian Ocean and EMEA region.

Through its strong ecosystem of partners worldwide, INNOVISION has helped numerous customers across the globe enhance their cyber resilience through cutting-edge data protection, recovery solutions, and comprehensive cyber insurance strategies. Find Siddick on LinkedIn.