Ransomware claims are roiling an entire segment of the insurance industry

Cyber insurance carriers are raising premiums and limiting coverage in the face of severe ransomware attacks

By Rachel Lerman and  Gerrit De Vynck
The Washington Post | June 17, 2021

The recent surge of ransomware attacks is upending the cyber insurance industry, pushing up the requirements and cost of coverage just as more companies need it.

Ransomware attacks — in which cybercriminals take over an organization’s computer network and demand a payment to hand back control — have increased in frequency and severity over the past two years. According to blockchain research firm Chainalysis, ransom payments from companies increased 341 percent to a total of $412 million during 2020.

“This is a tipping point this year,” said John Kerns, an executive managing director at insurance brokerage Beecher Carlson, a division of Brown & Brown, which sells cyber insurance. “I’ve been in business for 32 years and haven’t seen a market quite like this.”

That is pushing insurance carriers to reevaluate how much coverage they can afford to offer and how much they have to charge clients to do so. Underwriters are demanding to see detailed proof of clients’ cybersecurity measures in ways they never have. For example, not using multifactor authentication, which requires a user to verify themselves in multiple ways, might result in a rejection.

The majority of insurance companies are raising premiums for plans that cover damage from hacks, including ransomware attacks. Prices for at least half of insurance buyers went up 10 percent to 30 percent in late 2020, according to a survey cited by the U.S. Government Accountability Office. In some cases, annual premiums that companies are expected to pay have increased by as much as 50 percent, said Joshua Motta, founder of insurance tech company Coalition.

Many insurers also are restricting how much cyber coverage they can offer or limiting the terms and conditions, several industry executives said. In some cases, that means slashing the amount of reimbursement that can be used specifically for ransomware attacks…


To read the entire article by By Rachel Lerman and  Gerrit De Vynck, visit The Washington Post: Ransomware