The increase in the frequency of ransomware attacks, as well as the rise in the demanded ransom amounts is causing cyber insurers to change tactics to limit their risk.
I’ve been watching and covering the evolution of the business of ransomware for quite some time. And recent developments – such as the increase in ransomware attacks by 715%, the growing normality of million dollar ransoms being demanded, and the possible inability to pay the ransom due to sanctions from the US Department of Treasury – all put a burden on organizations to protect their data.
So, organizations like yours try to offset some of that risk onto insurers with cyberinsurance policies that protect against such attacks. But insurers are in business to stay in business, which means even they need the math to make sense to issue a policy.
According to S&P Global’s Market Intelligence, policy underwriting is becoming far more strict, and policy costs are on the rise. Lloyd's of London insurer Beazley traditionally had insurance premiums increasing 5% a year. But recent increases are more in the 15% to 25% range and should be expected as such through 2021. Cyber insurer Marsh has also seen premium jumps to as much as 10.5% higher as well.
With the threat of ransomware not just being a disruption event, but also becoming a data breach event, cyber insurers are looking at ways to still offer policies, but obviously in a way that keeps themselves in business.
I’ve written before on cases where organizations thought they were covered and got bitten by not reading the policy fine print. The only way to truly protect the organization is to prevent an attack from happening. Security Awareness Training plays a role in maximizing your organization’s chances of avoiding becoming a victim by engaging your employees to understand the nature of cyberattacks, their role in the organization’s cybersecurity stance, and what they can do to stop an attack.
