An increase in ransomware attacks has factored into the deterioration of cyber insurance underwriting performance during the past two years, according to a report from The Geneva Association.
The report – Ransomware: an insurance market perspective – cited research from AM Best that found the overall loss ratio for U.S. cyber insurance rose from 44.6 percent in 2019 to 66.9 percent in 2020, with ransomware accounting for three quarters of claims.
The majority of ransomware claims reflected recovery and remediation costs from a cyber attack, according to The Geneva Association’s report, although claims associated with the reimbursement of a ransom have also increased.
The report added that recent indicators show the claims environment likely won’t improve anytime soon as ransomware remains a key driver of claims activity. With this in mind, cyber insurers’ loss ratios remained elevated in 2021 despite a steep increase in the price of cyber insurance, the report said.
This comes as frequency and severity of ransomware attacks has been on the rise for the past several years, although the number of ransomware attacks did fall in the first few months of 2022. The report attributed this to the outbreak of war in Ukraine and sanctions against Russia that have made it harder for cyber criminals to organize attacks and receive ransom payments.
“This may prove to be a temporary pause, with some cybersecurity analysts observing a noticeable rebound in ransomware activity in Q2 2022,” the report said, citing 2022 research from ZDnet.
Other factors playing into the increase in ransomware activity are the growth of digitalization and reliance on technology among insurers and other businesses, accelerated by the pandemic, according to the report.
“Despite all the benefits of digital technology, the proliferation of ransomware is an unfortunate by-product,” the report added.
While the computer systems of firms like medical institutions and government agencies in the U.S. are targeted most frequently, many small businesses have also been targeted with attacks, the report said, adding that this most likely reflects their limited resources devoted to cybersecurity compared with larger companies.
Contributing to this complex problem is the fact that ransomware methods are constantly evolving, with ransomware operators now using as many as four extortion techniques to pressure victims into paying, the report said. Cyber criminals have also been focused on exploiting weak points and single points of failure in firms’ physical and digital supply chains to spread malware or disrupt critical infrastructure. Reports also show that ransomware threat actors are increasingly recruiting insiders to gain access to a firm’s network. In fact, The Geneva Association report cited research from Hitachi ID Systems that found 65 percent of surveyed IT and security employees received solicitations from cyber criminals to assist in ransomware attacks in 2021 alone.
“Any employee or a third-party vendor with trusted account privileges may be able to instantly distribute ransomware on a network,” the report said. “This represents an especially serious threat to large enterprises with thousands of employees.”
For insurers to tackle the continuously evolving challenge of ransomware and its subsequent impact on underwriting performance, the report said that a multifaceted approach is required. This includes investing in new ways to assess insureds’ cyber maturity and security controls, as well as leveraging premium discounts, co-insurance and retention arrangements to incentivize organizations to adopt essential cybersecurity best practices.
The report added that the cyber insurance industry is uniquely positioned to provide ransomware victims with the resources needed to help them recover as quickly as possible in the event of an attack.
“Cyber insurance can make an important contribution to the overall management of cyber risk,” the report said. “Insurance can positively influence cyber hygiene standards and best practices by promoting awareness about the exposure to ransomware and other cyber crime, sharing expertise on risk management, and encouraging investment in risk prevention and mitigation.”