Cybercriminals are becoming bolder in their ransom demands and are using more sophisticated tactics in accessing data systems. As a result, agents brokers and their clients may face a more challenging market for cyber insurance.
With ransomware and other cybercrimes surging, agents, brokers and their business clients may be facing a more challenging market for cyber insurance.
Cybercriminals are becoming bolder in their ransom demands and are using more sophisticated tactics to hack into data systems and lock up and encrypt critical business data, prompting some insurers to tighten their underwriting practices and raise premium rates.
As a result, the appetite for cyber risk could change among some insurers, with a focus on coverage terms, conditions, deductibles and sublimits.
Although that may not be true for all segments of the cyber insurance market, expect caution as ransomware claims rise and carriers call on insureds to improve their data security.
It's difficult to keep up with cybercriminals. The average ransom payment is almost $234,000 as of the third quarter of 2020, an increase of 31% from the previous quarter, according to Coveware.
Almost 50% of ransomware attacks that locked up business data also included a threat to release the stolen information, pressuring companies to pay to prevent public disclosure. Sometimes, even if they did pay, a second ransom demand was made.
Downtime that adds to the cost and disruption of ransomware is also climbing. In the third quarter of 2020, the average business victim of a ransomware attack experienced 19 days of business interruption, ranging from some machines being unavailable to a complete shutdown of operations.
And while ransomware attacks on large companies get headlines, small businesses are also targeted as the shift to portable laptops, smartphones and work-from-home employees adds to the risk.
Bad actors often exploit remote desktop protocol (RDP) connections used to connect computers over remote networks to hack data systems for cyber extortion. Coveware points out that access to improperly secured RDP ports and their associated compromised credentials can be purchased for less than $50, making it worthwhile to target smaller companies.
It's easy and cheap for cyberattackers, but a ransomware attack can devastate a small business. Unlike larger organizations which often can restore data and recover financially, smaller businesses are less likely to back up information and can't afford to pay the ransom demand.
Two recent ransomware insurance claims show the difference it can make when a business takes steps to secure its data.
In one case, a manufacturer's data system was infected with the RYUK strain of ransomware, encrypting information on 300 servers and 100 desktop computers. The hackers demanded $3.5 million in bitcoin, but the company instead restored its data from backups for a fraction of the cost.
The second incident involved a supplier, which had 47 servers and multiple workstations infected with Sodokonibi ransomware. Since it did not back up its data, a ransom payment of about $500,000 was negotiated and it took longer and cost more to restore its systems.
When attacking larger companies, cybercriminals may send phishing emails or exploit unpatched data system vulnerabilities. They can hack into a business and linger for months, reviewing data, revenues and financial assets so they can demand the highest possible ransom.
How can agents help their clients protect important data and prevent business interruption? Here are some tips to help a business prevent ransomware and mitigate a loss:
1) Back up data frequently. Use media not connected to the internet, such as tape backups and removable drives. Attackers can encrypt backups on a network or in the cloud. The safest and most effective plan is to have multiple backups isolated from the network.
2) Use a secure email gateway. The gateway is an appliance or software service that protects from spam, viruses, malware and denial of service attacks. It scans incoming, outbound and internal emails, including attachments and URLs, for malicious or harmful content.
3) Remote desktop protocol. Using this tool distributed with Microsoft operating systems allows one device to remotely connect to another. Set firewalls to limit access to RDP ports and restrict users who can log in using RDP to only employees who need access.
4) Configure cloud services properly. If you can't find information to secure cloud data on your cloud provider's website, it's well worth investing in advice from a cybersecurity consultant.
5) Install patches and software updates. Set up automatic software updates whenever possible. For software that can't be set up automatically, establish a schedule for updating. If you don't install patches or updates due to legacy system issues, consider doing so now.
Timothy Zeilman is a vice president with HSB, part of Munich Re, which provides a range of specialty insurance products. He leads HSB's cyber insurance efforts.