The world has entered a new era of cyberattacks. There have been decades of viruses, breaches, and other forms of attack, but last year saw increased hacker sophistication, a greater propensity to pay in ransomware cases, and a broad swath of geopolitical uncertainty that hackers have found favorable.
The forecast for any organizations seeking or renewing cyber insurance is looking grim.
- 25% average premium increase.
- Ransomware/extortion coverage limitations: lower limits and coinsurance.
- Insurers actively culling books of business.
- Declinations for RDP or lack of MFA.
- Longer applications seeking more detail and proof of training and third-party monitoring.
The severity of financial consequences has been profound. Ransoms have increased from five-figure price tags to demands in the millions, which are now routine. Several ransom demands were far higher before being negotiated downward by professional cyber threat negotiators. Facing the prospect of major financial fallout from an attack, C-suite members around the world have turned to cyber insurance. Insurers are issuing more policies, and the amounts of protection available are increasing.[1]
The momentum that has propelled the sector this far may be waning. The cyber insurance sector may still be in its infancy, but there are signs that it has reached a plateau. There are a few likely causes for this slowed growth. On the demand side, despite the spate of cyberattacks, some companies are buying less cyber insurance or not buying any at all, as economic strain from Covid-19 has caused some to look at cyber insurance as a luxury. While more attacks could stimulate demand, they also create a supply problem, making insurers warier of providing cover and reinsurers (who provide insurance for insurance providers) less interested in backing cyber liabilities. In addition, the lack of historical loss data (resulting from the sector’s short history) adds another layer of unpredictability for all involved.
This is an important moment for the future of the sector. The cyber environment is delicate, given the combination of threat volatility, recent losses, and a nascent commitment that could be reduced or withdrawn by the insurers in the space. A wave of cyberattacks with massive insurance industry implications likely would not pose a solvency threat, but a worst-case scenario coming to pass could result in structural changes to the cyber class of business or even an insurance industry that is less interested in cyber. That could then result in the loss of an important risk management lever for C-suite members and boards with significant technology exposure, which includes most major and mid-sized companies.
The problem that most companies face is in determining how much cyber insurance they need. But it is difficult for insurers to understand demand when the buyers themselves are still trying to figure out both their exposure and their buying appetites. What happens when organizations are advised to not pay ransoms of any amount or have the payment forbidden by governments?
Insurance company CNA's apparent decision to pay attackers a $40 million ransom and Colonial Pipeline Co.'s payment of a $4.4 million ransom are stirring debate over whether such payments should be banned under federal law. Bloomberg News reported last week that Chicago-based CNA had paid the hefty ransom. Meanwhile, Colonial Pipeline's CEO confirmed recently that the company had paid a ransom on 07 May 2021 after discovering an attack using DarkSide ransomware that led the company to temporarily shut down its fuel pipeline serving the East Coast.
CNA reported being victimized by a "cybersecurity attack" on 23 March 2021 that caused a network disruption and affected certain systems, including corporate email. The attack led the company to disconnect its systems, including taking down its website. CNA later confirmed it had been victimized by ransomware. CNA has not confirmed it paid a ransom.
Those supporting a federal law banning ransom payments argue that once criminal groups know it is unlikely their ransom demands will be met, they will wind down their ransomware attacks. But opponents of such a ban argue that it would be "regulatory overreach" and increase risks, because, for some ransomware victims, the payments may represent the only practical way to regain access to data, resume operations and avoid the publishing of stolen data.
Some argue that requiring those making ransom payments to report those payments to regulators would be preferable to an outright ban. With many organizations in sectors typically favored by ransomware operators (for example, healthcare, local government, or education) vastly increasing their use of and reliance on remote IT services, victims may be more inclined to pay to restore services than under 'normal' conditions.
Red Sky Alliance has been analyzing and documenting cyber threats for 9 years and maintains a resource library of malware and cyber actor reports available at https://redskyalliance.org at no charge.
What can you do to better protect your organization today?
- All data in transmission and at rest should be encrypted.
- Proper data backup and off-site storage policies should be adopted and followed.
- Implement two-factor authentication company-wide.
- For USA readers, join and become active in your local Infragard chapter; there is no charge for membership (infragard.org).
- Update disaster recovery plans and emergency procedures with cyber threat recovery procedures. And test them.
- Institute cyber threat and phishing training for all employees, with testing and updating.
- Recommend/require cybersecurity software, services, and devices to be used by all at-home working employees and consultants.
- Review and update your cyber threat and information security policies and procedures. Make them a part of all emergency planning and training.
- Ensure that all software updates and patches are installed immediately.
- Enroll your company/organization in RedXray for daily notifications of cyber threats directed at your domains. The RedXray service is $500 a month and provides threat intelligence on nine (9) cyber threat categories, including keyloggers, without having to connect to your network.
- Purchase annual cyber insurance coverage from Red Sky Alliance provided by Cysurance.
Red Sky Alliance strongly recommends ongoing monitoring from both internal and external perspectives. Internal monitoring is common practice; however, external threats are often overlooked and can represent an early warning of impending attacks.
Red Sky Alliance can provide internal monitoring in tandem with RedXray notifications on external threats, including botnet activity, public data breaches, phishing, fraud, and general targeting. Red Sky Alliance is in New Boston, NH USA. We are a Cyber Threat Analysis and Intelligence Service organization. For questions, comments, or assistance, please contact the lab directly at 1-844-492-7225, or feedback@wapacklabs.com.
Interested in a RedXray subscription to see what we can do for you? Sign up here: https://www.wapacklabs.com/RedXray
- Reporting: https://www.redskyalliance.org/
- Website: https://www.wapacklabs.com/
- LinkedIn: https://www.linkedin.com/company/64265941
[1] https://www.helpnetsecurity.com/2021/01/26/cybersecurity-investments-2021/