Ransomware: The good and the bad for cyber insurers

The following opinion article was written by Samit Shah, Insurance Solutions Manager at BitSight, which provides companies with objective, evidence-based security ratings.

Ransomware is one of the fastest-growing cyber threats. The US Justice Department reports that the number of attacks tripled between 2015 and last year, to an average of 4,000 every day.

The rise of ransomware, which encrypts and renders data inaccessible until ransom is paid to unlock it, represents both an opportunity and a serious challenge for cyber insurers.

First, the opportunity. Cyber insurance is a fast-developing but still relatively new business, with approximately one third of companies in the US currently purchasing it. The market has plenty of room to grow, and the ransomware threat gives organizations another urgent reason to protect themselves against financial damage from security breaches.

With many carriers already insuring against ransomware attacks as part of “extortion coverage” included in comprehensive cyber insurance policies, businesses usually don’t have to pay for separate policies to cover this type of hacking. So ransomware gives cyber insurers a fresh marketing peg for their offerings.

Now, the potential problems. The ransomware surge is already starting to result in a higher number of claims and, assuming they keep rising, cyber insurers could be vulnerable to some financial risks.

Keep in mind that ransomware claims typically encompass not only the ransom amount, should the victimized organization decide to pay it, but can easily mushroom into an array of other costs related to the attack.

These can include third-party experts the carrier has contracted with to act as breach coaches, negotiators, forensic specialists, and legal and public relations pros. In some situations, these response-related expenses can exceed the amount of the ransom demanded. 

Furthermore, ransomware can trigger even more claims over business interruption losses and liability or regulatory costs. It really is startling how a ransom demand can spiral into so many other costs.

What should carriers do? They should manage their claims operations and third-party vendor relationships (to the extent they depend on them) to handle the increasing claims notices and situations. To do this profitably, they may need to increase resources and services to handle these services internally instead of farming them out to third parties or deepening bench strength with third-party vendors.

Insurers also need to be concerned about an apparent trend in which ransomware is expanding beyond one-offs – i.e. one attacker hits one business – to penetrations of computer infrastructure used by a broad group of organizations.

This reality hit home in January when it was reported that the popular open-source database MongoDB was targeted in a series of ransomware attacks that left about 27,000 servers compromised. Then, in February, hundreds of open-source MySQL databases were hit in similar fashion.

Providers need to make sure they have a solid understanding of the risk aggregation exposures that such widespread attacks could present.

An additional point insurers should be mindful of: ransomware attackers typically demand payment in the form of Bitcoin, the encrypted digital currency, before restoring data back to normal. Bitcoin values are at a three-year high (one Bitcoin equaled about $1,280 in early March), which means insurers may be on the hook for higher amounts.

It’s possible that some could see loss ratios rise and cyber business line profitability drop as they figure out how to adjust to this environment of profitability challenges and risk aggregation concerns.

Not all cyber insurance companies are alike, and some are going to be affected by the ransomware spike more than others. Carriers that specialize in underwriting policies for small- and medium-size companies or write in the education, government, and healthcare sectors are more likely to see ransomware affecting their profitability and draining resources, for example.

Ransomware attacks are likely to keep rising – it’s simply too easy for a hacker to trick someone into installing malware through a Trojan disguised as a legitimate file – so it’s important that insurers understand what it all means for them.

The preceding article was composed by Samit Shah, Insurance Solutions Manager at BitSight, which provides companies with objective, evidence-based security ratings. The views expressed in the article do not necessarily reflect those of Insurance Business.
