Insurers have seen the costs of cyber attacks almost double

Sheila Zabeu

August 26, 2022

One way to assess the advance of cyberthreats is to look at a business sector seemingly far removed from this universe: the insurance industry. Although cyber insurance has been offered for 20 years, it has only recently received more attention because of one not-so-pleasant aspect: changes in premium rates and access to coverage.

Large-scale attacks, and their consequent catastrophic losses both financial and operational, are prompting insurers to take steps to limit their levels of risk exposure.

According to a report by the US Government Accountability Office (GAO), more insurance customers are taking out threat coverage – from 26% in 2016 to 47% in 2020. At the same time, insurers in that country have seen the costs of cyber attacks almost double between 2016 and 2019, and as a result, insurance premiums have also increased significantly.


Other important trends in cyber insurance relate to lower coverage limits in high-risk sectors and higher premium amounts. The costs of any class of insurance, including cyber insurance, are based on criteria such as frequency, severity, potential loss and uncertainty about future threats.

According to the GAO, industry sources said the higher prices coincided with increased demand and higher losses caused by more frequent and severe cyber attacks. In a recent survey of brokers, more than half of the respondents’ clients saw prices rising between 10% and 30% by the end of 2020.

Regarding coverage limits, industry representatives told the GAO that the growing number of cyber attacks has led insurers to impose tighter restrictions for some sectors, such as healthcare and education.

According to the report, both insurers and clients face challenges. For example, developing cyber insurance products can be a daunting task given insurers’ poor access to historical data on losses caused by cyber attacks. For customers, meanwhile, what insurance will cover may be unclear because terms such as cyberterrorism do not have a standardised definition.

Insurers are increasingly developing specific policies for cyber risks, rather than including them in other coverage. This trend may reflect demand for more clarity on coverage and limits for cyber incidents. To some extent, for policyholders, these changes may translate into fewer coverage options, stricter criteria and more exclusions.

Insurance gaps

A study conducted by BlackBerry and Corvus surveyed 450 IT and cybersecurity decision makers at companies in the US and Canada and revealed alarming gaps in insurance coverage.

One of the biggest concerns is related to ransomware. The survey revealed that only 19% of companies surveyed have coverage for ransomware cases above the average value of ransomware demands ($600,000). Among small and medium-sized businesses, only 14% have a coverage threshold above that amount.

There are other, more alarming gaps in cyber insurance. More than a third (37%) of respondents are not covered for ransom demands in the event of an attack, and 43% are not covered for associated costs, such as legal fees or losses caused by downtime.

Key threats

Representatives of brokers that sell insurance offered by Allianz, Lloyd’s of London, Swiss Re and others have pointed out to The Record website some of the most prevalent cyber threat trends among large as well as small and medium-sized customers.

  • Remote Desktop Protocol (RDP), which gives remote access to resources in computing environments, remains a prevalent tool that has led to a substantial volume of compensation claims. Criminal groups have often exploited vulnerabilities in this protocol, and some brokerages have recently seen the frequency of RDP-related incidents more than double.

  • Ransomware also continues to generate many cyber insurance claims. According to reports from one particular brokerage, ransomware claims to its policyholders increased by an average of 20% in the second half of 2021, while the number of claims increased by 10%.

  • Even though ransomware attracts a lot of attention, phishing remains the main attack vector in almost half of all compensation claims.

  • Good old Microsoft Exchange remains an avenue of exploitation for criminal actors. Vulnerabilities found in the server often give attackers ways to log in as administrator and install malicious software.

  • Open source components also often lack rigorous patch management processes, which has ended up affecting several policyholders.