'Tricks-n-treats' keeping cyber insurers awake this Halloween
2020 has been a hair-raising year for cyber risks.
Skyrocketing ransom demands, a steady stream of fraudulent wire transfers, and a large workforce operating on often less secure home systems are all nightmarish scenarios for cyber insurers.
However, there are three particularly scary trends keeping cyber insurers up at night this Halloween:
1. The devastating knock-on effect of single events. IT managed services providers (MSPs) are increasingly under attack, which means the hundreds of thousands of businesses that rely on them are also being hit with hefty system downtime; in some cases, the loss of sensitive data and the negative reputational impact associated with both. What’s more, hackers also are using these providers as a staging ground to launch ransomware attacks against the many businesses MSPs serve.
2, Spine-chilling trends in ransomware. 2020 hasn’t just seen ransomware cases rise in terms of frequency; it has also been the year of the most severe attacks cyber insurers have seen to date. Partly to blame is the new trend in many ransomware variants to exfiltrate data as well as encrypt it — so even if a business can successfully recover data from backups, if the ransom isn’t paid, the business will have to reckon with the regulatory costs and reputational impact of the release of sensitive data.
3. The creeping rise of cyber insurance claims. Businesses are now more reliant than ever on technology to operate, whether they are using remote networks for home-working during COVID-19, paying suppliers by wire transfer, or storing sensitive data online. Losses are now building against what have historically been very low prices and small portfolios for cyber insurance providers.
All these events are conspiring to make 2020 a hair-raising year when it comes to cyber risk, and as a result, the cyber insurance market is entering a period of readjustment. For an important but still relatively unsaturated line like cyber, balancing pricing with the willingness of businesses to purchase coverage will no doubt be a big challenge in 2021.
Lindsey Nelson is the cyber development leader at CFC Underwriting, where she oversees the global business development strategy across CFC’s cyber portfolio and is responsible for key account management, participation in industry events and providing in-depth education within the business line. Lindsey has nearly a decade of experience underwriting cyber and technology risks, first at Chubb and the as head of CFC’s international team. Her expertise in cyber has made her a sought-after speaker, and she is a vocal champion for women and young brokers in insurance. The opinions expressed here are the author’s own.
This blog post was first published by CFC and is republished here with consent.
Related:
- Pandemic should prompt insurers to reexamine cybersecurity
- Crime insurance failing to keep up with cybercriminal innovation
- 5 cybersecurity events that keep CEOs up at night