Cyber Insurance
The impact of ransomware on it
Starting with cyber insurance costs, a recent LexisNexis study found that cyber insurance premiums are up 50% since 2015, and the average cost per employee is $30-$40 million. In particular, underwriters are now favoring larger companies over smaller ones due to the potential losses associated with ransomware attacks like WannaCry, which come not only from data but also from reputational damage.
The second finding of the report revealed that cyber criminals are becoming more sophisticated, using encrypted communication channels and an “onion router,” creating anonymous networks on the dark web and allowing attackers to have full control over their malware-infected computers. This capability lets them change ransom demands as they wait for victims’ files to be unlocked.
If this weren’t enough, Fitch Ratings reported that the cyber insurance industry faced “a reckoning” in 2020 due to the wave of ransomware incidents that took place that year.
Fitch Ratings reported in May 2021 that the direct loss ratio for the industry spiked in 2020 to 73%, compared with an average of 42% for the previous five years (2015–2019). Also, the average paid loss for a standalone cyber claim jumped to $359,000 in 2020 from $145,000 in 2019.
Consequently, U.S. cyber rates were up in the first quarter of 2021, according to the latest Marsh report. When you realize that a majority of organizations are affected by ransomware and that the average ransom payment went up 171% to $312,493 in 2020 compared to $115,123 in 2019, you see the impact that is taking place. The cause for this increase is the Ransomware-as-a-Service (RaaS) model, which leverages a partner program to execute cyberattacks.
When we look at what JBS USA paid, an $11 million ransom, to cybercriminals who temporarily knocked out plants that process roughly one-fifth of the nation’s meat supply, or at the REvil ransomware gang, which is demanding $70 million to unlock computers in a July 2 ransomware attack on Kaseya, we realize that ransomware isn’t going away.
In the meantime, cyber insurance costs go up, and planning to get enough coverage isn’t easy, nor is it the best investment if you want to actually secure your assets from cyber threats.
Additionally, the uptick in ransomware attacks comes as a result of the pandemic creating a global remote workforce from one day to the next without enough time for companies to provide proper cybersecurity training and set up effective measures for cyber resilience to take place from the home office.
Now that everything is settling into a “new normal”, companies can evaluate the cyber insurance plan that is right for them and put into place the proper cybersecurity measures to create cyber resilience.
When you properly set up your hybrid and remote workforce to have network and application security at the forefront,
when you invest in micro-learning cybersecurity training solutions to teach employees how to spot phishing emails and suspicious files,
when you set up your compliance requirements, policies, and procedures with partners and third-party vendors, and have a way to track and back up everything for business continuity and incident response,
and when you have created an effective cyber resilience plan and implemented it, your cyber insurance will be what insurance is usually for: a safety measure, a plus to cover all your bases.