Why Insurance Is Key When Things Go Wrong

Original article can be found HERE.

Why insurance is key when things go wrong

In an age where everyone is plugged in and screen time is on the increase, hackers are getting more and more comfortable sinking their virtual teeth into insecure technology.

Coalition has seen three growing trends when it comes to cyberattacks: ransomware, funds transfer fraud, and business email compromise (BEC). The initial ransom demands made by a criminal have increased in severity by 170% from the first half of 2020 to the first half of 2021. With funds transfer fraud, Coalition saw the severity in the amount that companies are transferring out to criminals increase by 170% in the same period.

“That 170% has increased an initial demand of $450,000 to $1.3 million,” Catherine Lyle, head of claims at Coalition, told Insurance Business.

“The pandemic forced everyone to work from home so rapidly that the proper counter measures and proper mechanisms to protect transactions weren’t put in place fast enough, it exposed lot of venerabilities for hackers to take advantage of,” said Guy Simkin, CEO of the Cyber Insurance Academy.

“The remote nature of work and COVID-19 has changed the landscape of communication which then shifted the landscape of security,” Lyle explained. “In a click culture where everyone is trying to help their customers, hackers are able to stay in systems longer.”

Attackers have found their way into insecure technology and are going to continue to be aggressive, transverse the system, figure out where key servers are, what to encrypt and where backups are stored.

“Today loss ratios are at an all-time high and insurers are realizing that they need to increase their expertise and knowledge in order to evaluate the risks more accurately and minimize losses,” Simkin noted.

“When we hear from our insured in a timely manner, we’re able to get back 95% of funds when possible,” Lyle mentioned. “The amounts are larger, and the transfers are going unnoticed, but if an insured gives us enough warning we can work with our contacts to claw back that money.”

The persistent and hostile nature of cyber criminals continues to be a growing threat for many businesses. They’re looking at each company, doing extensive research and figuring out how much a company can pay to respond to having their entire system compromised.

“We don’t anticipate that this trend is going to slow down as criminals have become more aggressive in their tactics and the damage that they can do,” said Lyle. “We also know criminals have become more automated in their approach so they can hit more targets at one time which only incentivizes them to do more harm.”

“Due to the rise in attacks, there’s been a rise in claims and a rise in demand,” Simkin explained. “Surprisingly we’ve also seen the supply side go down and noticed less and less insurers offering cyber insurance because of the complexity as it requires a different set of skills and a different language. They need to have that specialization and expertise in order to protect clients and be profitable.”

According to Simkin, it’s also more difficult to receive cyber insurance lately, as insurers are more critical about assessing if a client has a basic set of protection solutions – but there are some actions clients can take to show insurers that risk management strategies are in place.

Simkin noted that having minimum benchmarks, such as multi-factor authentication and firewalls, are essential to prevent email and server compromises.

“Increase your security and take the simple measures to protect your critical systems,” said Lyle. “Use a password manager, and ensure you have full backups segregated from your systems so they can’t be encrypted, and then keep up with your patches.”

Insurers are focused on proactive prevention, and Simkin emphasized that if a company wants to be insured and mitigate losses, it’s important to perform better due diligence and inspect their security culture to understand what tools will help understand the complexity of specific risks.

“Once you understand the security culture of a company you can propose solutions and countermeasures to install and minimize the existing risk and lower premiums as much as possible,” Simkin added.

“We’ve seen a rise in ransomware attacks but cyber is changing on a daily basis and new risks are constantly emerging,” said Simkin. “Before ransomware we were dealing with privacy issues, and next year it’s going to be completely different.”