Skip to content
All posts

Ransomware and Cyber Insurance

The Pounding Effects

How Can Data Resilience Improvements Optimize Cyber Insurance Offerings?

Introduction

According to Reuters, insurance companies dramatically reduced their customers’ cyber coverage after the pandemic and home-working drove a surge in ransomware attacks, resulting in a significant increase in payouts. Due to increased demand, leading European and American insurance companies, as well as Lloyd's syndicates, were forced to raise their premium rates, which they did. The higher rates were directly related to the higher ransoms, as “the costs associated with the repair of hacked networks, business interruption losses, and even PR fees to mend reputational damage.” Furthermore, it is claimed that Lloyd's of London, which deals with around 20% of the global cyber market, has discouraged its approximately 100 syndicate members from taking on cyber business during 2022 and onwards. The new market threats have also affected another giant insurer, AIG, which last year announced that they will reduce the cyber insurance limits. There are numerous studies which were published in the last 12 months, in which research companies were attempting to suggest the increased figures (percentage/USD) in the global ransomware attack. Even with the fluctuations in both figures, both were scary, and they both presented a steady increase in the number of attacks and the associated USD value. Other studies suggest that ransomware counts to almost 80% of cyber insurance claims. Last year, CyberScoop stated that the vast majority of cyber-related claims now involve ransomware. This results in severely diminishing profitability for the providers and will for sure result in a steep increase in insurance premiums. This chain reaction further results in limited and reduced overall coverage for organizations, and even ends up in driving away insurers from the cyber insurance market.

Present Ransomware Threats Status

At the same time, ransomware actors are becoming more and more sophisticated. According to the aforementioned Reuters report, the attackers are checking for the presence of cyber insurance policies so that they can demand higher ransom. These malicious actions make the challenges associated with using cyber insurance to pay for ransomware even more noticeable. Some insurance industry experts claim that in the last two years, two thirds of organizations had purchased a cyber insurance policy covering ransomware. Nearly half of those organizations with cyber insurance policies in place when they were victims of a ransomware attack, said that their insurer had covered only a portion of their losses. They still needed to pay out of pocket to cover the remaining ransomware recovery costs. So, with the above mentioned trends, one should ask if there is a solution which can mitigate the painful costs organizations will have to pay after ransomware attacks. While end-users are debating, the insurers are continuously changing the terms, and this results in rising premiums, limited coverage, not to mention factors like reputation which cannot be monetized.

Ideas for Cyber Insurance Optimizations

In the current ransomware troubled waters, organizations should do everything possible to avoid a successful ransomware attack, or insurers should demand better anti-ransomware measures from organizations willing to pay reasonable premiums. At present, the market is ripe for considering out of the box solutions which are new to this vertical, solutions which truly fortify the sensitive data organizations have. For example, solutions that combine hardware protection at the server level may offer an improved method or security. There should be a direct linkage between the cyber insurance premium and the level of cyber security, i.e. the premium figure should be reasonable when the organizations servers will be adequately protected and vice versa.