A cybersecurity crisis emerged as a result of the 2020 global health crisis as cybercriminals posed an increased threat to the safety of individuals and organizations. Experts are seeing an uptick in cyber threats as workforces continue to move to the digital landscape.
Increased Individual Attacks
In 2020, cybercriminals capitalized on fear surrounding the pandemic by producing COVID-19-related scams that trick victims into opening malicious links and attachments. Cybercriminals create fake COVID-19-related content, such as local and regional health updates, or knowledge of cures and treatments. The pandemic has created an opportunity for cybercriminals to exploit human curiosity and concern, which has led to an increase in cyberattack victims.
There’s also been an increase in phishing scam campaigns where cyber threat actors craft convincing copies of government websites and official correspondence. These attacks prey upon populations who are anxious and less likely to be skeptical of emails and other links regarding COVID-19.
Increased Organizational Attacks
As cybercriminals continue to exploit the human vulnerability and individual fears surrounding COVID-19, the sudden increase in organizations with employees working from home has allowed cybercriminals to capitalize on cloud-based technologies that didn’t exist before. Research has found that companies became less secure in 2020 due to hastily deployed remote work solutions.
The Canadian Centre for Cyber Security predicts that ransomware will continue to target health care and medical research facilities as the global health sector continues to mitigate the COVID-19 pandemic. Cybercriminals taking advantage of the health crisis have the ability to jeopardize patient outcomes and public health efforts.
Another ransomware trend that emerged in 2020 is known as “double extortion,” where cybercriminals maximize their chance of a profit by threatening additional abuse of the compromised data, including auctioning or selling it.
It’s more important than ever that organizations take a proactive approach to their cybersecurity measures as well as educate employees on the risks of cyber threat activity.
Increasing Frequency and Severity of Losses
According to our Assurex Global partner, Woodruff Sawyer, ransomware might seem like the only type of security incident you hear about these days, but that’s for good reason. The impact on companies of every industry and size has been profound. Coveware, a ransomware negotiation, and response firm, reports that the average ransom payment increased from an average of $84,116 in the fourth quarter of 2019 to an average of $154,108 in Q4 2020—an 83% jump in just one year.
Insurance carriers have seen similar trends, with cyber insurance leader Beazley reporting that the total cost of ransom payments doubled from the first half of 2019 to the first half of 2020.
When you look at the specifics of cyber insurance coverage, it’s easy to see how the tactics of modern-day cybercriminals are influencing these loss trends. The primary insuring agreement that responds to a ransomware event will be the cyber extortion coverage. This insuring agreement covers the actual ransom payment to an attacker and can also include any related computer forensics and legal expenses incurred by the victim company.
But today’s cybercriminals are unsatisfied with just encrypting a victim’s network and demanding a ransom payment. Coveware reports that in the fourth quarter of 2020, 70% of ransomware cases included an element of data exfiltration. For many companies, this data exfiltration can include personally identifiable information of consumers, triggering another element of a cyber liability insurance policy—the data breach insuring agreement.
Stricter Underwriting Requirements
Many carriers will now decline to offer terms for companies that do not meet the minimum or sometimes even the baseline protection highlighted above. Additionally, underwriters are focused on strong answers to multi-factor authentication (MFA) controls, end-point detection and response tools, and segregation of backups.
Furthermore, carriers are no longer simply taking your word for having some of the technical controls in place to suppress cyber threats. Most cyber insurance carriers now perform external scans of a prospective customer’s network both to confirm you have specific controls in place and to identify any known vulnerabilities present on your network, says Dan Burke of Woodruff Sawyer.
Companies need to be prepared to share a large amount of data on their exposures as well as the controls they have in place to prevent or mitigate a cyber threat event.
For the best results, be ready to start the renewal process early. Work with your broker to prepare comprehensive submission materials, highlighting your investments in cybersecurity and how you improved your processes from the prior year. Just like having baseline protections in place through cybersecurity controls, this advance planning may be the only way to ensure you can qualify for insurance at all.
For further information or to seek advice about specific cyber liability situations, please do not hesitate to reach out below.