The September 1 assault on Texas-based OakBend Medical Center, in which more than a million records were claimed to be stolen, and the recently reported cyberattack on LAUSD, which prompted an unprecedented shutdown of its computer systems and a subsequent ransom demand, are only a few stark reminders that ransomware attacks continue to be a major threat to organizations across all sectors. This is particularly true for small businesses that lack the staff, skills and resources for prevention and remediation.
According to cybersecurity firm Sophos, ransomware attacks spiked 78% and the proportion of victims paying ransoms of $1 million or more increased threefold over the previous year. Further, an alarming 90% of those hit by ransomware said the attack impacted their ability to operate, with 86% reporting a loss of business revenue.
Compounding these losses are the millions of dollars in potential legal fees, losses due to business interruption and reputational damage that often result from exposing sensitive customer information.
The dramatic rise in ransomware claims, which started early in the pandemic when the switch to remote work opened new network and process vulnerabilities for companies, has had a significant impact on the availability of cyber insurance, on how carriers underwrite the risk and on rates. At Lockton, we’ve seen an average 83% rate increase on cyber policy renewals through July 2022.
More importantly, companies that neglect to deploy specific and meaningful measures to prevent, detect or mitigate the threat of ransomware are almost…uninsurable.
Carriers are not only asking insureds whether controls are in place but seeking to verify those controls exist and that insureds are continually applying more rigorous controls at the appropriate endpoints.
Insurers are scrutinizing cyber policy applications and reserving their rights to assert that potential misrepresentations bar coverage for claims.
While ransomware remains their chief concern, contingent business interruption is emerging as a renewed threat for insurers.
Underwriters are seeking to limit their exposure to systemic cyberrisks, including by clearly delineating policy limits for losses stemming from IT and non-IT providers.
While claims activity related to the Russian invasion of Ukraine is limited to date, insurers are concerned about increased threats of cyberattacks and possible future claims emerging from the conflict. Multiple carriers are currently revising their war exclusions, with many redrafting or seeking to clarify language in their policies.
Considering annual global cybercrime costs are estimated to reach $10.5 trillion USD, anticipating cyber threats and managing cyberrisk should be a top priority for businesses.
Some Immediate Actions
What can companies do immediately? Proactive measures to ensure compliance with evolving regulatory regimes along with sound cybersecurity systems, protocols and procedures will be vital to mitigating risk, reducing the impact of loss and safeguarding profitability.
Improved security infrastructure: Companies should regularly perform a comprehensive assessment of risks and threats in their IT environment as standard protocol, then have tools and procedures in place to detect threats as well as respond in the case of an incident. Key controls cyber insurers look for to determine coverage eligibility include:
• Encryption of sensitive information
• Multi-factor authentication
• Endpoint intrusion detection capabilities
• Frequent, remote, air-gapped and encrypted or immutable backups
• Patch management
• Recognizing & replacing unsupported
• Email scanning & filtering
• Authenticating email
• Remote desktop protocol
• Restricting administrative privileges
Additional recommendations include:
• Regularly consider technological improvements, compliance assessments and implementations, and risk transfer mechanisms to improve your complete cyberrisk posture
• Implement regular cybersecurity audit protocols for your company and supply chains
• Commit to and allocate sufficient resources for preventive measures, technological improvements and cyber insurance
• Establish adequate measures to take in the event of a supply chain cyberattack
• Partner with a trusted insurance broker with (1) proven cyber insurance and claims expertise; (2) direct access to every major insurer in the cyber marketplace and the market share to drive buying leverage; and (3) a strategic, long-term approach to managing your cyber insurance program for stability and value over time.
As cybercrime grows, businesses need to deploy enterprise cybersecurity strategies and systems that evolve with it. Lockton’s Cyber & Technology Practice of subject matter experts provides made-to-measure, reliable risk transfer and insurance solutions for companies looking to manage their cyber risks and improve their cyber resiliency.
Heather Wilkinson is SVP, National Cyber Practice at Lockton. Learn more at global.lockton.com.