Only 55% of the organizations surveyed are carrying any cyber insurance at all. And of those that are insured, just under 20% have more than $600,000 in coverage; not enough to meet the usual ransomware payment, let alone the potential cleanup costs.
North Carolina and Florida have banned ransomware payments for government agencies. Pennsylvania, New York, Texas, Arizona and New Jersey have also had bills of this nature recently come up for consideration.
A new ransomware reporting bill introduced to the House of Representatives proposes putting new requirements on financial institutions, some of which are likely to be controversial. Any payment of over $100,000 would require the victim to first obtain special permission from the US Treasury.
A little over half of the $4.4 million Colonial Pipeline ransomware payment has been recovered by the FBI, and in the process some questions about the source of the attack may have been answered.