How ransomware destabilizes cyber insurance – and what to do about it – Intelligent CIO North America


With the advent of ransomware-as-a-service (RaaS) techniques, double extortion attacks, and the low cost of ransomware kits, unsustainable loss ratios have rocked the insurance market. Thom Langford, Global Security Advocate at SentinelOne, explains why, to protect against ransomware, companies must stop choosing between investing in a better security stack or purchasing insurance – they must do both.

It used to be relatively easy for companies to get cyber insurance coverage. Indeed, many insurers used cyber policy cash flow underwriting to replenish their books with premiums, and this has generally enabled brokers to get their customers ubiquitous cyber coverage for a good price.

However, aside from discussions about whether this insurance model was ever sustainable over the long term, evolving cyber threats are testing the resilience of organizations. In response, cyber insurance providers are becoming far more familiar with specific cybersecurity threats and responding to them, which is shifting insurance trends. In particular, the current ransomware threat landscape means that not only is the cyber insurance bubble bursting, but the entire system is in danger of being completely destabilized.

The threat posed by ransomware attacks is increasing in both volume and monetary value. When REvil operators exploited a bug in the Kaseya VSA software in July, the criminals demanded $50 million for the universal decryption key. To put this in context, one estimate put all ransomware extortion payments for 2020 at $350 million. A contributing trend is that the pandemic forced many companies to move to the cloud earlier than planned to support their fast-growing remote workforce, dramatically increasing the exposure of many of them to cybercrime.

Is the cyber insurance bubble about to burst?

While the need for cyber insurance has never been so clear, given the increased demand from ransomware victims, insurers are not as ready to provide it. Cyber insurance is a relatively new facet of the insurance industry, and it seems that insurers only intended it for unforeseen, improbable and novel catastrophic events. But with the industry’s claims ratio rising for the third year in a row in 2020, up more than 25 percentage points year-on-year to 72.8%, and ransomware events up 93% in the first half of 2021, something clearly has to change. Ransomware is neither improbable nor new; it has become a standardized threat.

An intensified underwriting process makes life difficult

Unsustainable loss ratios have inevitably led carriers to step up the underwriting process for cyber insurance. Most visibly, they are raising premiums while offering less coverage and higher deductibles.

Looking more closely at the process, carriers are becoming much more vigilant about the controls they require before selling coverage, while brokers also report that all insurance markets are demanding higher standards of security. Insurers are asking more and more questions about corporate cyber risk and adding more exclusions. While there is no sign that insured companies want to give up their coverage, if carriers don’t like what they find during the underwriting process, they are increasingly likely to simply walk away rather than raise the premium or cut limits.

To make it even harder for companies seeking coverage, insurers have recognized that they also need to diversify. Businesses exist in a cyber ecosystem, and an attack on one business can have a huge impact on many others. For example, a single ransomware attack on a third party could be catastrophic: carriers that insured many companies running the SolarWinds software would have suffered huge aggregated losses from the attack in 2020. In turn, as insurers try to spread their own risk through reinsurance, reinsurers tighten their own policies and reduce coverage.

Organizations seeking coverage need to ensure that their security posture is up to date

The result is that companies need to improve their security posture both to secure insurance coverage and to prevent the cyber insurance system from destabilizing completely. During the underwriting process, insurers will be selective about risk and, as mentioned, ready to leave if something is wrong. As a result, organizations seeking protection need not only to understand the top controls against ransomware attacks from front to back, but also to be prepared to make their security stack fully transparent and justify how it mitigates the risk. This level of cyber maturity and leadership skill is not always available in many organizations.

In addition to changing policy conditions such as price and limits, insurance providers are also attaching requirements to policies that mandate compliance with key security measures. For example, some carriers require security controls such as endpoint detection and response (EDR) systems and patching schedules, among other conditions, to satisfy themselves that their insurance model remains sustainable.

Beyond that, research notes that companies that see a decrease in ransomware attacks and payment claims by prioritizing prevention and recovery practices will go a long way with cyber insurers toward securing coverage. In return, these companies can treat cyber insurance as another valid component of a solid security risk strategy, making it far more valuable to their business than a simple risk transfer.

Security and insurance cannot be either/or

In the modern ransomware threat environment, two things are certain. First, to qualify for cyber insurance or a renewal, companies’ technology stacks must meet certain high standards. Second, organizations need to transfer some of the risk of a ransomware attack by purchasing insurance as an important part of their cyber risk and recovery strategy. The problem is that many companies still view this as an either/or proposition, which drives losses and, in a vicious circle, further contributes to the dramatic changes in insurers’ current risk assessments.

As with any insurance, uncertainty inevitably leads to higher costs and fewer options. To protect themselves from the ever-evolving ransomware threat, organizations need to stop choosing between investing in a better security stack or insurance – they need to do both now.
