London reinsurance broker Willis Re told Reuters on Thursday that cyber reinsurance rates have skyrocketed in recent months due to a spate of devastating ransomware attacks on large corporations.
For the July extension season, rates have increased by up to 40%, according to James Vickers, chairman of Willis Re International.
Increasingly, companies are turning to cyber insurance and reinsurance companies for help with the recovery process from a ransomware attack. Cyber insurance and reinsurance companies handle everything from network recovery to public relations costs to business losses due to system downtime.
But cyber insurers have struggled to handle the wave of attacks that continues to harm hundreds of big companies like Colonial Pipeline and JBS. Both attacks made headlines for their devastating effects on US gas and meat supplies.
Vickers told Reuters that reinsurers “who wrote Cyber are getting significantly worse results than they were a few years ago”.
There has been significant debate over the impact of cyber insurance on ransomware, and ZDNet reported this week that a research paper by the Royal United Services Institute think tank found that cyber insurance policies encourage cyber criminals and are no longer sustainable for the industry.
The paper states that cyber insurance has not helped companies improve their cybersecurity and in fact “facilitates the behavior of cyber criminals by helping to grow targeted ransomware operations”.
Other experts speaking to ZDNet said there is evidence that ransomware groups are specifically targeting companies they know have cyber insurance because they are more likely to pay ransom.
A September report by cyber insurance company Coalition found that ransomware incidents accounted for 41% of all cyber insurance claims filed in the first half of 2020. The company said the incidence of ransomware attacks among its policyholders increased by 260% and found the average ransom note increased by 47%. Claims ranged from just $ 1,000 to 2 million.
The problem got so worse that insurance provider AXA announced earlier this year that, at the request of French government officials, it would end cyber insurance policies in France that repay ransomware victims for ransom money paid to cyber criminals.
AXA is one of the largest insurers in Europe and was considered the first to take such a drastic step. The plans would continue to cover the cost of restoring ransomware, but no more ransom payments after cybersecurity leaders within the French government and French senators raised concerns about the massive payouts to cybercriminals at a roundtable in Paris in April.
Eight days after the ransom was announced, AXA itself was hit by a ransomware attack.
Vickers told Reuters on Thursday that France is considering forcing all cyber insurers to stop reimbursing ransom payments as they have become lucrative for cyber criminals.
There are already several companies downgrading their cyber insurance coverage, and industry sources told ZDNet that some reinsurers are realizing they did not properly understand the cyberattack threats to businesses before offering specific coverage.
Insurance companies are now trying to reduce their risk exposure, which, according to industry circles, will lead to significant premium increases.
Shawn Melito, chief revenue officer at BreachQuest, said he has been in the cyber insurance industry for more than a decade and speaks to dozens of brokers and insurers every day. The rate hikes and interest in cyber insurance have long been expected, he said.
“You have the perfect storm of media coverage, lax data security, user-friendly hacking tools like ransomware as a service and massively increasing ransom money that make this so attractive,” explained Melito.
Shaun Gordon, CEO of BreachQuest, noted that the trickle-down effect of increases in reinsurance rates in certain industries results in significant premium increases for customers.
“In industries like manufacturing and healthcare, we hear that premium increases can be as high as 100% and sometimes over 150%,” said Gordon. “A major reason for this is ransomware and the fact that many companies have failed to implement technologies like MFA in areas such as email, remote access and privileged account access.”
Jack Kudale, CEO of Insurance Managing General Agent Cowbell Cyber, said policyholders should expect more questions to ask when renewing due to the recent wave of ransomware attacks, cybercrime and other threats.
Kudale told ZDNet that due to the emergence of stand-alone cyber insurers, cyber insurers are taking steps to clarify their insurance coverage and remove ambiguous insurance terms.
“In the future, the role of insurers must go beyond response and recovery to include education and prevention. For example, companies need cyber guidelines that are bundled with complementary cybersecurity training for all insured employees, ”said Kudale.
“This eliminates one of the fundamental causes of many attacks: an employee clicks on a phishing email. Organizations need to raise employee awareness of cybersecurity so that they can be the first line of defense and spot malicious activity. “
ZDNet recommends
The best cyber insurance
The cyber insurance industry is likely to go mainstream and is an easy cost to do business. Here are a few options to consider.
Continue reading
source https://collegeeducationnewsllc.com/ransomware-attacks-driving-cyber-reinsurance-rates-up-40/
No comments:
Post a Comment