Insurance companies cut cybersecurity coverage amid surge in ransomware attacks
Insurance companies are cutting the amount they cover in cybersecurity policies amid a rise in ransomware attacks over the past year.
The increase in attacks is well known: an October report found that ransomware attacks targeted 64% of businesses. Cybersecurity insurance was also on the agenda at a White House summit in August.
Reuters reported that European and American insurers operating in the Lloyd’s of London market were able to charge higher premium rates to cover ransoms, repairs of hacked networks, business interruption losses and even public relations costs for repair reputational damage, but the increase in fees goes no further. In response to the increase in attacks, insurers are now halving the amount of cyber insurance coverage they provide.
“Insurers are changing their appetites, their limits, their coverage and their rates,” Caspar Stops, head of cybersecurity at insurance company Optio Group Ltd, told Reuters. “The limits have been halved – where people were offering £10m ($13.5m), almost everyone has been reduced to five [million].”
The trend is not necessarily new either. American International Group Inc. announced in August that it was tightening the terms of its cyber insurance. These reductions included reduced payouts and higher terms and conditions for making claims. The company cited at the time “growing cyber loss trends, the growing threat associated with ransomware, and the systemic nature of cyber risk in general.”
The situation then worsens. Reuters, citing industry sources, also says Lloyd’s of London, which covers around a fifth of the global cyber insurance market, is discouraging its union members from taking up new cyber business next year.
Although cyber insurance is being promoted by figures like the White House, the increased adoption of cyber insurance could conversely lead to the rise of ransomware. It is claimed that ransomware gangs can check if potential victims have policies that make them more likely to pay.
“Ransomware payments are spiraling out of control and insurance is one of the driving factors in this new phase of attacks on businesses,” said Jake Moore, cybersecurity specialist at cybersecurity firm ESET spol sro. says TechRadar. “When payments are made, the ransomware business cycle continues and even accelerates, which means that more businesses will inevitably be attacked.”
Last monthan analysis by the US Treasury Department’s Financial Crimes Enforcement Network estimated that the companies had paid ransoms of $580 million in the first six months of this year.