Cyberattacks continue to evolve, and the cyber insurance market is evolving as well. To keep your business protected from the current threats, you need to know what’s happening now in emerging cyber trends.
All Industries Are Vulnerable – But Some Are Especially Challenging
Industries with a significant amount of sensitive data are attractive targets for cybercriminals. Historically, healthcare organizations have been especially vulnerable, and according to Comparitech, ransomware attacks on healthcare organizations in the U.S. cost $20.8 billion in 2020.
However, healthcare is not the most frequently targeted sector. According to Trellix, that dubious honor goes to the banking and financial sector, followed by utilities, retail, and education.
Industries that cannot afford downtime may also be attractive targets, and the IBM X-Force Threat Intelligence Index 2022 shows that manufacturing replaced financial services as the most attacked industry in 2021.
Businesses in these industries may face an incredibly challenging time securing cyber coverage. However, it’s important to remember that all businesses that connect to the internet are vulnerable to cyberattacks, regardless of the industry or size. Strong cybersecurity practices are needed across the board.
Cybercriminals Are Threatening to Publish Data
Many cyberattacks are moving away from a focus on encrypting data in order to hold it hostage and moving toward attacks that threaten to release sensitive data to the public. CISA warns that ransomware threat actors are increasingly using triple or double extortion. In addition to encrypting data, they may threaten to release stolen data. They may also disrupt the victim’s internet access or inform the victim’s partners, shareholders, and suppliers in order to put additional pressure on the victim to pay.
Some cybercriminals have abandoned encryption entirely and are just focusing on the threat to release sensitive data in order to extort money from their victims. A joint cybersecurity advisory from the IC3 and other government agencies says that the Karakurt data extortion group has been threatening businesses with data breaches unless a ransom demand is met. The hackers approach employees, business partners, and their clients and may provide screenshots to show that they have already gained access to the data. The ransom demands have ranged from $25,000 to $13,000,000.
It's still important to back up critical data and store it securely. However, as cybercriminals focus on selling or publishing data, preventing hackers from accessing your systems in the first place is becoming increasingly important.
Underwriters Are Getting Stricter
As cyberattacks continue to increase, more businesses are realizing the importance of insurance coverage. At the same time, insurers are dealing with rising losses, and it’s impacting their capacity.
The Q1 2022 P/C Market Report from the Council of Insurance Agents & Brokers (CIAB) shows that 89% of survey respondents report an increase in demand for cyber insurance, while 72% report an increase in claims. Cyber insurance premium prices increased 27.5% in the first quarter of 2022. While this is a large increase, it’s actually less steep than the 34.3% hike seen in the fourth quarter of 2021. Underwriters are also trying to mitigate losses by implementing stricter underwriting requirements.
Whether you’re applying for a new policy or your current policy is up for renewal, expect the underwriter to require cybersecurity measures to be in place before binding the policy. Required cybersecurity measures often include multifactor authentication. Other basic cybersecurity measures include the following:
- Update operating systems and software in a timely manner.
- Use antivirus software, email filtering, and firewalls.
- Create offline backups.
- Train workers on cybersecurity best practices, including how to avoid phishing attempts.
- Watch out for Remote Desktop Protocol vulnerabilities, which are frequently exploited by hackers.
Terms May Be More Limited
Ransomware demands can be massive. According to Touro College Illinois, Colonial Pipeline and Brenntag both paid $4.4 million to ransomware gangs, and JBS Foods paid $11 million.
Most demands aren’t quite this big, but multimillion-dollar demands are becoming more common. According to ZDNet, research from Sophos found that only 4% of ransomware victims paid ransoms of more than $1 million in 2020, but this went up to 11% in 2021. Additionally, the average size of a successful ransomware demand increased from $170,000 to $812,260.
As losses surge, Reuters says that some insurers are reducing limits. Some insurers may also impose ransomware sublimits. Review your policy for co-insurance requirements and other terms that may limit your coverage.
Although securing cyber insurance right now is more challenging due to emerging cyber trends, it is also critical protection. A single cyberattack can be devastating to a business. Heffernan can help you secure the cyber coverage you need. Learn more.