    The Next Wave of Cyber Claims

    March 1, 2021

    By: Kevin Kershisnik

    A new wave of cyber claims is coming. No one can predict exactly what it will involve, but all signs indicate that it will be even worse than we’ve already experienced. Here are three trends we’re seeing now.

    Trend #1: Ransomware Attacks and Demands Have Grown

    Ransomware attacks have been on the rise. According to Cyber Florida at the University of South Florida, researchers found a 715% surge in ransomware attacks in 2020.

    That’s bad, but the sheer volume isn’t the only problem. In recent months, ransom sizes have also increased.
    According to ZDNet, a report from IBM shows that some ransoms have reached as high as $40 million.
    Cybercriminals may even take the targeted company’s revenue into account when setting ransoms – meaning
    that companies of every size are being squeezed as hard as possible. Seven-figure ransoms – like the one that
    Bloomberg says the University of California, San Francisco paid – are becoming increasingly common. Although
    the SME space doesn’t see exorbitant ransom events like those described above, the days of $25,000 ransoms are
    behind us. It’s not unusual to see an SME get hit with a $150,000 ransom.

    Trend #2: Threats Have Evolved

    In the past, if a company was diligent about backing up data, it could restore files after a ransomware attack
    without giving in to the hacker’s demands. Things are no longer so simple.

    Cybercriminals have moved from simply encrypting data to threatening to release it to the public. This is
    what happened in Chatham County, N.C., according to Becker’s Hospital Review, when a ransomware group
    published the protected health and personally identifiable information of residents. In another example, The
    Verge reports that hackers are threatening to auction off stolen source code potentially worth millions of dollars
    after targeting CD Projekt Red, a video game developer, with ransomware.

    Technology can’t always prevent cyberattacks, either, because many attacks start with phishing or business
    email compromise schemes that exploit human weaknesses, not technological weaknesses. Often, the emails
    that hackers send appear to come from a trusted vendor, client, coworker, or supervisor. Hackers obtain the
    target’s trust to send a malicious link, request sensitive information, or ask for a wire transfer.

    Trend #3: Privacy Laws Have Complicated the Aftermath

    Increased regulatory demands are adding to the cyber situation. First, the European Union passed the GDPR.
    Then California passed the CCPA. New York is working on the SHIELD Act, and other states are jumping on the data
    privacy bandwagon. Under these laws, companies that handle personal data have additional responsibilities,
    and those that experience cyberattacks may face investigations, fines and penalties.

    When a cyber event impacts personal data, where the company is located doesn’t matter. What matters is the
    victims’ locations. Because modern business is rarely contained within one state or country, companies must
    comply with a maze of regulations.

    Businesses Must Prepare

    Cyber threats are getting worse and businesses must be proactive about their cyber risk management practices.
    In addition to preemptive IT practices, businesses must focus on:

    Training

    Because many attacks target people, education is essential. Many people fall for phishing attacks, and
    businesses shouldn’t assume their workers won’t. Instead, businesses can use training and active testing
    exercises provided by cyber insurance providers. Training should also cover cyber awareness outside of
    phishing.

    Disaster Recovery

    Cyberattack recovery must be part of every company’s disaster recovery plan. Knowing what to do if a
    cyber event occurs will lessen the potential loss and business interruption. Here are a few of the many
    steps companies must manage following an attack:

    • Negotiate the ransom and set up a cryptocurrency account to facilitate the payment.
    • Conduct a forensic investigation to determine the source of the breach, which data was exposed and whether the threat remains.
    • Comply with notification requirements and regulations in all states where the victims of the data breach reside.
    • Minimize business interruption by getting the systems up and running quickly.
    • Comply with any regulatory investigations as well as PCI investigations if the company accepts credit card payments.

    Insurance

    All companies have cyber and privacy exposures, regardless of the amount of non-public data they
    hold. Businesses that outsource their IT needs are still statutorily responsible if a breach occurs. Policies
    should cover phishing and ransomware, including coverage for the ransom itself, as well as coverage for the
    expenses incurred in the aftermath. Companies should establish and practice an Incident Response plan
    and utilize carrier resources as part of formulating the plan.

    As ransom demands increase, selecting an appropriate policy limit has become more complicated. Tools
    for assessing total exposure and appropriate limit abound, but no one tool is perfect. The greater the
    potential for a large business income, ransomware or notification event, the higher the overall exposure.
    Today’s remote working environment raises the stakes even further for companies.

    Cyber Market Conditions

    The cyber market is firming, making it harder to get robust coverage. Some insuretechs have eased the rate
    increases, but even the newer entrants are starting to see loss development. Reinsurance rate increases are also
    impacting premium. Some carriers are being more restrictive in their underwriting process, requiring additional
    questionnaires regarding policies, procedures and controls. A major player in the large risk market segment has
    established 50% coinsurance on all ransomware events.

    There are currently more than 80 cyber markets, so availability is widespread. Knowing what coverages are
    available and how to best address the threats is the key to sifting through all of the options. Reach out to Socius
    for assistance with sourcing and negotiating appropriate coverage for your clients.

    Kevin Kershisnik
    Senior Vice President
    email: kkershisnik@sociusinsurance.com
    direct: (213) 243-1221
