A recent IT Pro survey revealed a concerning trend: nearly 45% of Managed Service Providers (MSPs) maintain a "ransomware kitty"—a dedicated reserve for paying cybercriminals in the event of a ransomware attack. Surprisingly, only 36% of MSPs carry cyber insurance, and 11% have neither a reserve fund nor coverage.
This raises a fundamental question: Is your IT provider focused on ransomware prevention or simply preparing to pay when it happens?
What Is a "Ransomware Kitty"?
A ransomware kitty is a fund—sometimes formal, often informal—kept specifically to pay ransom if systems are compromised by a cyberattack. While some MSPs frame it as a practical contingency plan, it reflects a reactive cybersecurity strategy. It signals that the provider is preparing for failure rather than investing in cybersecurity resilience and data recovery preparedness.
Paying a ransom is not a cybersecurity strategy. It’s a gamble—and one that can fuel future ransomware attacks.
The Risk of Paying Cyber Ransoms
The risks associated with paying ransomware demands are significant. There is no guarantee that attackers will unlock your data after payment. Often, the decryption keys either don’t work properly or only recover part of the data. Additionally, paying once can make an organization a repeat target, as cybercriminals recognize they’re dealing with someone willing to negotiate.
From a legal perspective, things get even murkier. If the group behind the attack is tied to a sanctioned entity, paying them could result in federal penalties. Reputationally, businesses risk losing the trust of clients, vendors, and regulators by choosing to fund criminals rather than invest in robust cyber defense.
What Proactive Ransomware Preparedness Looks Like
True ransomware preparedness is built on prevention, detection, and recovery. A proactive MSP should deliver:
- Layered security controls that include firewalls, endpoint detection and response, intrusion monitoring, and access management.
- Routine patching and vulnerability scans to identify weaknesses before attackers do.
- Encrypted, offsite backups that are tested frequently to ensure they can be restored quickly and reliably.
- User training and phishing simulations to reduce the risk of human error.
- Incident response plans that outline roles, responsibilities, and escalation paths during a crisis.
A provider focused on these areas is more likely to prevent ransomware attacks and is better prepared to recover without resorting to payouts.
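The third item above, backups that are "tested frequently," is the one most often claimed and least often proven. The following script is an added example, not code from the original post or from any MSP it describes, showing what a minimal automated restore drill looks like: it builds a backup archive of a constructed sample directory together with a SHA-256 manifest, restores the archive into a scratch location, compares every restored file against the manifest, and times the restore. It assumes the Python standard library only and that encryption and offsite transfer are handled by the backup tool itself; the drill verifies that what comes back is complete and intact. It also demonstrates a common failure mode, a file created after the last backup, which the drill reports as missing rather than silently passing.

```python
import hashlib
import tarfile
import tempfile
import time
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large backups do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each file under root (relative POSIX path) to its SHA-256 hash."""
    return {
        path.relative_to(root).as_posix(): sha256_file(path)
        for path in sorted(root.rglob("*"))
        if path.is_file()
    }


def create_backup(source: Path, archive: Path) -> dict:
    """Write a gzip tar of source and return the manifest captured at backup time."""
    manifest = build_manifest(source)
    with tarfile.open(archive, "w:gz") as tar:
        for relative in manifest:
            tar.add(source / relative, arcname=relative)
    return manifest


def restore_drill(archive: Path, expected: dict) -> dict:
    """Restore the archive into a throwaway directory and verify it against the manifest.

    Returns a result dict with ok/missing/corrupted lists, the number of files
    checked, and the wall-clock restore time (a measured recovery-time figure).
    """
    started = time.monotonic()
    with tempfile.TemporaryDirectory() as scratch:
        destination = Path(scratch)
        with tarfile.open(archive, "r:gz") as tar:
            # The "data" extraction filter (available in patched Python releases)
            # refuses path traversal and other unsafe members; fall back otherwise.
            if hasattr(tarfile, "data_filter"):
                tar.extractall(destination, filter="data")
            else:
                tar.extractall(destination)
        restored = build_manifest(destination)

    missing = sorted(name for name in expected if name not in restored)
    corrupted = sorted(
        name for name in expected
        if name in restored and restored[name] != expected[name]
    )
    return {
        "ok": not missing and not corrupted,
        "missing": missing,
        "corrupted": corrupted,
        "files_checked": len(expected),
        "seconds": time.monotonic() - started,
    }


def run_demo() -> tuple:
    """Run the drill on a constructed sample dataset; returns (good_result, stale_result)."""
    with tempfile.TemporaryDirectory() as workdir:
        base = Path(workdir)
        source = base / "data"
        (source / "finance").mkdir(parents=True)
        # Constructed sample files standing in for production data.
        (source / "finance" / "ledger.csv").write_text("id,amount\n1,100\n")
        (source / "notes.txt").write_text("constructed sample file\n")

        archive = base / "nightly.tar.gz"
        manifest = create_backup(source, archive)
        good = restore_drill(archive, manifest)

        # Failure mode: data written after the backup ran. Verifying against the
        # current state of the source exposes the gap instead of reporting success.
        (source / "finance" / "q2.csv").write_text("id,amount\n2,250\n")
        stale = restore_drill(archive, build_manifest(source))
    return good, stale


if __name__ == "__main__":
    good_result, stale_result = run_demo()
    print("fresh backup:", good_result)
    print("stale backup:", stale_result)
```

In practice the manifest would be produced at backup time and stored separately from the archive (ideally offsite and immutable), and the `seconds` field would be tracked over time so the provider can show a measured recovery time rather than an estimated one.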
Cyber Insurance and Business Continuity
While it’s not a substitute for strong IT security, cyber insurance can mitigate the financial damage caused by a ransomware incident. Good policies may cover data recovery, legal fees, notification costs, forensic investigations, and business interruption.
However, insurers are tightening their standards. Today, they expect policyholders to show evidence of modern cybersecurity practices, including endpoint monitoring, incident response protocols, and employee awareness training. A qualified MSP should help businesses meet these requirements—not leave them navigating coverage alone.
A Real-World Cautionary Tale: Colonial Pipeline
In May 2021, Colonial Pipeline, the largest fuel pipeline in the U.S., fell victim to a ransomware attack. Operations were halted across the East Coast, and the company paid a $4.4 million ransom within hours to restore access to its systems.
While the FBI was able to recover part of the ransom, the attack had already caused widespread fuel shortages, price surges, and national headlines. The incident revealed how even large, well-resourced organizations can fall short in their IT security planning—and the ripple effects can be massive.
Colonial Pipeline’s experience underscores a critical point: Paying a ransom may restore functionality, but it does little to restore confidence or prevent recurrence.
What Businesses Should Be Asking Their IT Provider
Whether you manage a law firm, nonprofit, or manufacturing company, it’s time to have frank conversations with your IT provider. Ask them:
- What is your policy on ransomware payments?
- Do you carry cyber insurance, and do you help your clients obtain it?
- How often do you test full data recovery?
- What security controls do you have to prevent ransomware attacks?
- Can you walk us through your incident response plan?
Your technology partner should be able to provide specific, timely answers backed by documentation and clear service level agreements (SLAs).
Final Thoughts on Ransomware Resilience
Ransomware isn’t going away. But that doesn’t mean your strategy should include a payoff fund.
The most resilient businesses are those that partner with security-focused MSPs, prioritize tested backups, and prepare employees for threats. They don’t rely on a "ransomware kitty" because they’ve already invested in systems hardening, incident planning, and data protection.
If your current provider isn’t helping you plan, test, and secure every layer of your IT environment, it may be time to evaluate other options.
Request a Free Network Assessment
We offer a complimentary assessment to evaluate your backup strategies, risk posture, and ransomware readiness. No pressure. No jargon. Just clear insights you can act on.
Schedule your FREE assessment today here.