Cybercrime claims by policyholders outside the healthcare sector nearly doubled in 2018, led by financial fraud, often phishing schemes that lead to payments or wire transfers to criminals posing as clients or business partners, NAS Insurance said in a new report.

The Los Angeles-based speciality underwriter said in its 2019 Cyber Claims Digest that hacking, ransomware and phishing attacks were the leading causes of cyber losses among non-healthcare policyholders last year. For policyholders in the healthcare industry, hacking and ransomware were also the leading causes, but rogue employees instead of phishing ranked as the third most common cause.

NAS said ransomware criminals became more greedy than ever in 2018. The carrier said it resolved more than 90 ransomware incidents in the past two years. Payment demands averaged over $30,000 (in a variety of currencies), and the cost of negotiating and paying cryptocurrency demands often tripled or quadrupled the cost of resolving the issue, with those expenses sometimes surpassing $70,000.

In early 2019, NAS said it has seen a huge shift. In three separate events, ransom demands ranged from $100,000 to $1.2 million. The carrier said a broader study by the NetDiligence Insurance Industry Cybercrime Task Force also reported that carriers are receiving much higher ransom demands.

The NAS report highlights a claim involving the “Ryuk” ransomware virus. An employee opened an email that transferred the virus to the policyholder’s servers in the U.S. and Canada. It is believed 660 servers were affected. NAS said the cyber criminals demanded 130 bitcoins worth approximately $540,000 in ransom, but its forensics team negotiated a lower ransom of $425,000.

NAS reported separately on healthcare policyholders because the data for that portion of its book was significantly different. The carrier said cyber claims against healthcare sector policyholders increased only 2 percent and the costs of those claims were lower in each category.

However, NAS pointed out that it incurred extraordinary costs among healthcare policyholders in 2017 due to several breaches that affected hundreds of thousands of patients, increasing costs for notifying victims, setting up call centers and credit monitoring.

“In 2018, while the number of breaches increased, the universe of affected individuals decreased 34 percent,” the report says.

For non-healthcare customers, the 38 percent increase in the number of cyber claims came along with an increase in the cost of responding to them. Forensics costs were up 105 percent, call center costs were up 98 percent, notification costs increased by 107 percent and breach coach costs were up by 72 percent, NAS said. Credit monitoring costs decreased by 1 percent.

“While in years past we’ve seen a growing frequency of ransomware claims, the costs to recover and the demands for payment were not nearly as concerning as what we’ve seen so far this year,” the report says. “In particular, we see growing frequency of the ‘Ryuk’ virus infecting our insureds’ environments, and the ransom demands are often 10X what we’ve seen in years past.”

Source: NAS Insurance

*This story ran previously in our sister publication Claims Journal.