Ransomeware Insight From the Washington Post

Ransomware claims are roiling an entire segment of the insurance industry

Cyber insurance carriers are raising premiums and limiting coverage in the face of severe ransomware attacks, just as organizations are clamoring for more protection

By Rachel Lerman and Gerrit De Vynck
Published June 17, 2017 | The Washington Post

The recent surge of ransomware attacks is upending the cyber insurance industry, pushing up the requirements and cost of coverage just as more companies need it.

Ransomware attacks — in which cybercriminals take over an organization’s computer network and demand a payment to hand back control — have increased in frequency and severity over the past two years. According to blockchain research firm Chainalysis, ransom payments from companies increased 341 percent to a total of $412 million during 2020.

“This is a tipping point this year,” said John Kerns, an executive managing director at insurance brokerage Beecher Carlson, a division of Brown & Brown, which sells cyber insurance. “I’ve been in business for 32 years and haven’t seen a market quite like this.”

That is pushing insurance carriers to reevaluate how much coverage they can afford to offer and how much they have to charge clients to do so. Underwriters are demanding to see detailed proof of clients’ cybersecurity measures in ways they never have. For example, not using multifactor authentication, which requires a user to verify themselves in multiple ways, might result in a rejection.

The majority of insurance companies are raising premiums for plans that cover damage from hacks, including ransomware attacks. Prices for at least half of insurance buyers went up 10 percent to 30 percent in late 2020, according to a survey cited by the U.S. Government Accountability Office. In some cases, annual premiums that companies are expected to pay have increased by as much as 50 percent, said Joshua Motta, founder of insurance tech company Coalition.

Many insurers also are restricting how much cyber coverage they can offer or limiting the terms and conditions, several industry executives said. In some cases, that means slashing the amount of reimbursement that can be used specifically for ransomware attacks.

Overall, ransomware claims have increased by upward of 300 percent in the past year, Kerns estimated. At the same time, the GAO study shows that companies are increasingly opting to buy cyber insurance — large insurance broker Marsh McLennan told the agency that 47 percent of its eligible clients decided to get the coverage last year, compared with 26 percent in 2016.

Adding to the chaos is the fact that hackers themselves are sometimes targeting companies specifically because they have insurance, according to James Turgal, a former FBI agent who is now a vice president at Optiv, a cybersecurity firm that advises companies on how to deal with hacks…[More]


To read the full article by Rachel Lerman and Gerrit De Vynck, visit: Ransomware claims are roiling an entire segment of the insurance industry