By: Kevin Kershisnik
A new wave of cyber claims is coming. No one can predict exactly what it will involve, but all signs indicate that it will be even worse than we’ve already experienced. Here are three trends we’re seeing now.
Ransomware attacks have been on the rise. According to Cyber Florida at the University of South Florida, researchers found a 715% surge in ransomware attacks in 2020.
That’s bad, but the sheer volume isn’t the only problem. In recent months, ransom sizes have also increased.
According to ZDNet, a report from IBM shows that some ransoms have reached as high as $40 million.
Cybercriminals may even take the targeted company’s revenue into account when setting ransoms, meaning that companies of every size are being squeezed as hard as possible. Seven-figure ransoms, like the one that Bloomberg says the University of California, San Francisco paid, are becoming increasingly common. Although the SME space doesn’t see exorbitant ransom events like those described above, the days of $25,000 ransoms are behind us. It’s not unusual to see an SME get hit with a $150,000 ransom.
In the past, if a company was diligent about backing up data, it could restore files after a ransomware attack without giving in to the hacker’s demands. Things are no longer so simple.
Cybercriminals have moved from simply encrypting data to threatening to release it to the public. This is what happened in Chatham County, N.C., according to Becker’s Hospital Review, when a ransomware group published the protected health and personally identifiable information of residents. In another example, The Verge reports that hackers are threatening to auction off stolen source code potentially worth millions of dollars after targeting CD Projekt Red, a video game developer, with ransomware.
Technology can’t always prevent cyberattacks, either, because many attacks start with phishing or business email compromise schemes that exploit human weaknesses, not technological weaknesses. Often, the emails that hackers send appear to come from a trusted vendor, client, coworker, or supervisor. Hackers obtain the target’s trust to send a malicious link, request sensitive information, or ask for a wire transfer.
Increased regulatory demands are adding to the cyber situation. First, the European Union passed the GDPR. Then California passed the CCPA. New York is working on the SHIELD Act, and other states are jumping on the data privacy bandwagon. Under these laws, companies that handle personal data have additional responsibilities, and those that experience cyberattacks may face investigations, fines and penalties.
When a cyber event impacts personal data, where the company is located doesn’t matter. What matters is the victims’ locations. Because modern business is rarely contained within one state or country, companies must comply with a maze of regulations.
Cyber threats are getting worse, and businesses must be proactive about their cyber risk management practices. In addition to preemptive IT practices, businesses must focus on:
Because many attacks target people, education is essential. Many people fall for phishing attacks, and businesses shouldn’t assume their workers won’t. Instead, businesses can use training and active testing exercises provided by cyber insurance providers. Training should also cover cyber awareness outside of phishing.
Cyberattack recovery must be part of every company’s disaster recovery plan. Knowing what to do if a cyber event occurs will lessen the potential loss and business interruption. Here are a few of the many steps companies must manage following an attack:
All companies have cyber and privacy exposures, regardless of the amount of non-public data they hold. Businesses that outsource their IT needs are still statutorily responsible if a breach occurs. Policies should cover phishing and ransomware, including coverage for the ransom itself, as well as coverage for the expenses incurred in the aftermath. Companies should establish and practice an Incident Response plan and utilize carrier resources as part of formulating the plan.
As ransom demands increase, selecting an appropriate policy limit has become more complicated. Tools for assessing total exposure and appropriate limits abound, but no one tool is perfect. The greater the potential for a large business income, ransomware, or notification event, the higher the overall exposure. Today’s remote working environment raises the stakes even further for companies.
The cyber market is firming, making it harder to get robust coverage. Some insurtechs have eased the rate increases, but even the newer entrants are starting to see loss development. Reinsurance rate increases are also impacting premiums. Some carriers are being more restrictive in their underwriting process, requiring additional questionnaires regarding policies, procedures and controls. A major player in the large risk market segment has established 50% coinsurance on all ransomware events.
There are currently more than 80 cyber markets, so availability is widespread. Knowing what coverages are available and how best to address the threats is the key to sifting through all of the options. Reach out to Socius for assistance with sourcing and negotiating appropriate coverage for your clients.
Kevin Kershisnik
Senior Vice President
email: kkershisnik@sociusinsurance.com
direct: (213) 243-1221