The top three scariest cyber trends
This Halloween, it's not only vicious clowns and creepy poltergeists keeping cyber insurers up at night...
What are nightmares made of, you ask? Skyrocketing ransom demands, a steady stream of fraudulent wire transfers, and large workforce operating on what are often less secure home systems are all conspiring together to make 2020 a hair-raising year when it comes to cyber risk.
But what things in particular are giving cyber insurers goosebumps? Here are the top three scariest trends:
The devastating knock-on effect of single events
Systemic risk is a concern for many lines of insurance, and the cyber market is not immune. In 2017, for example, the NotPetya cyber attack caused mayhem around the world, knocking out systems as wide-reaching as Danish shipping company Maersk, US food company Mondelez International, and the Cadbury's Chocolate Factory in Hobart, Tasmania. This nation-state attack was targeting Ukraine, but it still had a catastrophic impact on hundreds of businesses globally.
This year, the knock-on impact of one-off cyber events is again being felt acutely. IT managed services providers (MSPs) are increasingly under attack, which means all those hundreds or thousands of businesses who rely on them are also being hit with hefty system downtime, in some cases the loss of sensitive data, and the negative reputational impact associated with both. What's more, hackers are also using these providers as a staging ground to launch ransomware attacks against the many businesses they serve.
With this in mind, MSPs should be particularly vigilant when it comes to putting the appropriate cybersecurity measures in place. And businesses who outsource parts or all of their IT should also ensure that they are making their own regular backups and storing them offline.
Spine-chilling trends in ransomware
One of the very scariest cyber threats this year may be the terrifying rise of ransomware attacks. But 2020 hasn't just seen ransomware cases rise in terms of frequency, it has also been the year of the most severe attacks we've seen to date, with ransom demands soaring into the hundreds of thousands and even millions of dollars in some cases.
Partly to blame is the new trend in many ransomware variants to exfiltrate data as well as encrypt it. This means that even if a business can successfully recover data from backups, if the ransom demand is not paid, that business will have to reckon with the regulatory costs and reputational impact of the release of sensitive data.
CFC's cyber claims data from the last 12 months reflects this. Globally, ransomware attacks accounted for 31% of our claims by frequency. However, these events accounted for 73% of what was paid out, making them disproportionately severe.
Ransomware is a cyber risk that cyber insurers, brokers, and businesses everywhere are going to need to grapple with in the coming year.
The creeping rise of cyber insurance claims
Cyber insurance coverage has historically been incredibly broad, with the intention to cover the major exposures associated with cybercrime, business interruption, privacy, and more. Because it is still an emerging line of cover, it has also been very competitively priced for years.
However, businesses are now more reliant than ever on technology to operate, whether they are using remote networks for home-working during COVID, paying suppliers by wire transfer, or storing sensitive data online. Losses are now building against what has historically been very low prices and small portfolios for cyber insurance providers.
What does this mean, you ask? Just like other lines of insurance must do from time to time, the cyber insurance market is entering a period of readjustment. For an important but still relatively unsaturated line like cyber, balancing pricing with the willingness of businesses to purchase cover will no doubt be a big challenge in 2021.