X-Industry

Despite improving preparedness, US small businesses are still highly vulnerable to cyber incidents.  A recent report by Hiscox USA indicates that while the small business segment paid less to respond to a cyber incident this past year, it was offset by increased attacks and breaches.

In its annual cyber readiness report, Hiscox revealed the median cost of cyber-attacks decreased for small businesses in the US from $10,000 in 2022 to $8,300 in 2023. At the same time, the median number of attacks

Amid the steady onslaught of costly ransomware and other attacks, cyber insurance is more important than ever for businesses.  A company can implement proper security controls and meet regulatory mandates, but breaches still happen and when they do, cyber insurance can be a vital tool to help a business recover quickly.  However, it's also becoming more expensive, complicated and challenging to get.

According to Fitch Ratings, cyber insurance is the fastest-growing segment of the US property/ca

In a world driven by connectivity and digitalization, the maritime industry is not immune to the growing threat of cyberattacks.  A recent report by Thetius, law firm HFW, and maritime cybersecurity company CyberOwl reveals a sobering truth: the average cost of a cyberattack in the maritime sector has soared to $550,000, a threefold increase from $182,000 in 2022.  Moreover, ransom demands have skyrocketed by more than 350%, with an average payment of $3.2 million, up from $3.1 million the previ

Pick your industry and you will quickly conclude that cyber-attacks on their systems are an empirical threat to commercial and industrial operations.  Cyber risk now slices through almost every type of business activity, and the maritime industry is no exception.  According to US Coast Guard Cyber Command statistics, maritime cyber incidents increased 68% in 2021 alone.

Cyber-insecurity not only poses increased risks to maritime operations but also to general planning, which more and more has be

The German IT service provider BITMARCK announced on 30 April it had taken all its systems offline due to a cyberattack.  The incident impacted statutory health insurance companies that have their IT operated by BITMARCK.  The company immediately reported the incident to the responsible authorities.[1]

The company did not disclose details about the attack, it launched an investigation into the incident with the help of external cybersecurity experts.

“BITMARCK has identified a cyber-attack.  Our

As the Captain of your ship, you are standing on the bridge and the course is being monitored on a digital display. The course shows a heading of north, yet the ship continues to turn west. On the computer screens in the dark wheelhouse, everything looks normal, but outside your window, the land is coming dangerously close! What is happening? You do not want to run aground, or worse collide with the pier or other vessels.

Down in the engine room, the engineers report back to you via radio that e

If you have ever sat and read an entire insurance policy, you are fully aware of the use of specific words and definitions and how the words apply to the coverage.  The definition of “war” and “cyber-war” are at issue.  Property policies' war exclusions were designed to apply to any type of nation-state attack, including cyber events, insurers told a New Jersey appellate panel on 8 February in a battle over whether Merck has coverage for $1.4 billion in losses stemming from the 2017 NotPetya cyb

The ramifications from the 2017 NotPetya attack, which the US government said was caused by a Russian cyber-attack in Ukraine, continues to be felt worldwide as now cyber insurers are modifying coverage exclusions; that is - expanding the definition of these attacks as an "act of war."  This 5-year-old cyber-attack appears to be leading the insurance industry on its head.

Mondelez International, parent of such popular brands as Cadbury, Oreo, Ritz, and Triscuit, was hit hard by NotPetya, with fa

It is never easy to negotiate with criminals, especially in the cyber-world we live in.  Organizations that fall victim to a ransomware attack should never let the cyber criminals know they have cyber insurance, because if the attackers know that their victim holds an insurance policy, they are more likely to outright demand the ransom payment in full.  Criminals are smart and cunning.

Cybersecurity researchers recently examined over 700 negotiations between ransomware attackers and ransomware v

The prevalence of ransomware has had a devastating impact on businesses over the past few years, with insurance underwriters seeing increasingly large ransomware payouts.  As a result, some core cyber security hygiene fundamentals are being required by insurers to qualify for coverage.   Many companies wrongly assume that having backups in the cloud can prevent or reduce the impacts of a ransomware attack.   For example, secure cloud backup has become a hard and fast requirement. Most cyber insu

Recently, ransomware criminals claimed as trophies at least three North American insurance brokerages that offer policies to help others survive the very network-paralyzing, data-pilfering extortion attacks they themselves apparently suffered.

Cybercriminals who hack into corporate and government networks to steal sensitive data for extortion routinely try to learn how much cyber insurance coverage the victims have. Knowing what victims can afford to pay can give them an edge in ransom negotiati

The world has entered a new era of cyberattacks.  There have been decades of viruses, breaches, and other forms of attack, last year saw increased hacker sophistication, the propensity to pay in ransomware cases, and a broad swath of geopolitical uncertainty conditions that hackers have found favorable.

The forecast for any organizations seeking or renewing cyber insurance is looking grim.

• 25% average premium increase.
• Ransomware/extortion coverage limitations-lower limits and coinsurance.
• Insu

US insurance leader Geico says hackers stole driver's license numbers from its website after they supplied personal information that they had acquired elsewhere.   The driver's license numbers are believed to have been used "to fraudulently apply for unemployment benefits," Geico reported.  Unemployment fraud has skyrocketed since Covid.

The US Labor Department's Office of the Inspector General estimated that between April and September 2020, as much as 10% of the $360 billion spent as part of t

One of the largest insurance firms in the US CNA Financial was reportedly hit by a “sophisticated cybersecurity attack” on 21 March 2021.  The cyber-attack disrupted the company’s employee and customer services for three days as the company shut down “out of an abundance of caution” to prevent further compromise.

Founded in 1967, the Loews Corp subsidiary is among the top 10 cyber insurance companies and the leading 15 casualty and property insurers in the US.  It employs about 5,800 workers and