The rise in costly cyber attacks, especially those involving ransomware, is stressing the cyber insurance industry and leading companies to invest in more sophisticated security solutions.
The surge in ransomware attacks against businesses of all shapes and sizes in 2021 has led to more organizations seeking out a specific type of insurance to deal with cyber threats.
However, due to the economics of insurance, higher demand and increased volatility is leading to an industry teetering on the edge of disaster. In some cases, insurers that have offered cyber insurance in the past have either increased premiums or halted selling the product altogether.
SEE ALSO: Continuous Intelligence Insights
According to cybersecurity company SonicWall, ransomware attacks increased by 150 percent in the second quarter of 2021 and there are signs that attackers are aiming to exploit lower level targets in 2022, potentially increasing the amount further.
The average ransomware payment also increased by 82 percent in 2021 to $570,000, according to Palo Alto Networks. So not only are insurers dealing with a market with more threats than ever before, but also one where the median payout is much higher than it was a few years ago.
To meet the demand and heightened volatility, some insurers have increased their cyber insurance premiums by 25 to 75 percent. Others have lower the amount of protection provided and added security audits to ensure the organization has basic security against attacks.
According to head of property claim services at Verisk, Tom Johansmeyer, one of the few areas of growth for the cyber insurance industry is reinsurance, which is the insurance that insurers buy. However, the share carried by reinsurers has increased to 45 percent a few years ago to 55 percent now, making it a more volatile market for them as well.
One solution, provided by Johansmeyer, is a large amount of capital deployed in the right areas to support cyber insurance providers during a time of higher volatility and potential cyber catastrophes, which may happen in 2022.
Another, which saw some credence in the Kaseya attack in 2021, is diplomatic efforts to root out the main ransomware actors, who are often located in Russia or Eastern Europe. The Russia-Ukraine war has put an end to the possibility of Russia helping the U.S., but pressure could still be put on other European countries, which harbor major ransomware groups.
There is also a hope that we are at a turning point, where organizations start to take security threats more seriously. There were quite a few large scale ransomware attacks in 2021, which may have brought more clarity to the issue and forced business leaders to invest in cyber insurance or more sophisticated security.
