insurance brokers and risk management specialists
Lincoln Office: 01522 814488
Head Office: 01777 869 900

Request a Quote

Looking for a free second opinion or an alternative quotation for your commercial insurances?

get a free quote

Cyber Insurance Comes of Age

Article posted Monday 4th March 2019

2018 in review

Cyber liability insurance continues to be at the cutting edge of business risk and insurer response.

The number of would be Hackers and Cyber Thieves continues to grow and the sophistication of their attacks is increasing.

Non-malware fileless attacks that do not require hackers to directly breach systems are ten times more likely to succeed than file-based attacks. They use legitimate applications, or even the operating system, and as they do not install new software on a user’s computer, antivirus tools are more likely to miss them.

Cyber thieves are also raising their game and setting their sights higher by shutting down systems and demanding more expensive ransoms.

2017 witnessed a wave of ransomware threats in the forms of WannaCry, Petya and NotPetya and malware attacks that infected computer systems in over 150 countries and brought operations to a halt across numerous sectors, including universities, hospitals, shipping companies, and governments.

The exact losses associated with these events may never be known but estimates for the WannaCry attack stand at $4 billion, the NotPetya attack at $10 billion and some estimates suggest that the Petya loss was 10 times that of WannaCry.

Unsurprisingly the demand for cyber insurance is growing and notwithstanding such high-profile cyber-attacks the number of insurers in the market is also on the increase.  However, with so many insurers now crowding the market the demand for an Insurance Broker with sector expertise and experience, who can sort the wheat from the chaff, has never been higher. 

The last 12 months has seen cyber liability risk ramping up for insurers and their clients.

Increased Frequency and Severity of Ransomware Attacks

The most common cyber breaches are ransomware attacks and the increase in their growing frequency and severity is a cause for concern. When ransomware attacks first appeared, most ransom demands were low enough to avoid a police investigation typically, &250. However, in 2018 the industry saw ransom demands increase to an average of around &25,000 to &35,000.

Increasingly More Sophisticated Thieves

Hackers have moved on from merely hacking into systems to using sophisticated reconnaissance on individuals within a company to breach security measures for financial gain.

A Tougher Regulatory Environment

The General Data Protection Regulation (GDPR) took effect in May 2018, putting pressure on companies to protect data.  As ransomware attacks increase, so does the risk of ripping customer and company data and the fines imposed by the Information Commissioners Office are punitive.

The Evolving Market

The increasing number of Cyber Insurers has improved the scope of policy cover and the availability of risk management and claims response services.

Expanded coverage

Insurers are improving policies to meet more pain points for their clients. Wordings are appearing which include cover for things like system failures, social engineering losses, consequential reputational loss and hardware loss. Typically, a good cyber insurance policy will cover:

  • Cyber incident response costs including IT forensics, legal, breach notification and crisis communications
  • Cybercrime (including social engineering, theft of personal funds, cyber extortion, ransomware attacks and unauthorised use of         computer resources through cryptojacking or botnetting
  • System damage and business interruption including full data re-creation, income loss and additional expenses, consequential          reputational harm and hardware repair and replacement
  • Network security and privacy liability including management liability arising from cyber events and regulatory fines and penalties
  • Media liability including defamation and intellectual property rights infringement
  • Technology errors and omissions
  • Court attendance costs

Risk Management offerings

Insurers are increasingly offering pre-breach and post-breach cyber risk management services such as network vulnerability scanning, penetration testing of the network both internally and externally, cyber risk rating reports, cyber breach alerts, cyber risk awareness training and assistance with cyber incident response planning.

Claims response

As an increasing number of claims are surfacing, insurers are recognising the advantage of swift engagement through cyber incident response teams, consisting of expert cyber incident responders and specialist cyber claims handlers, that can be accessed 24/7.

What lies in store for 2019?

Whilst ransomware continues to carry a significant threat, recent months have seen the emergence of ransomware-as-a-service platforms (RaaS) such as GandCrab, Saturn, and Data Keeper that are helping criminals with little or no technical expertise launch quick and easy attack campaigns in exchange for a cut of the profits.

The emergence of these new operations shows there is still money to be made in ransomware and as long these attacks find vulnerable victims, they are unlikely to go away any time soon.

On a positive note the availability of ever improving insurance coverage, risk management and claims response is also likely to evolve.

Cyber Insurance is increasingly being viewed as need to have, rather than nice to have and companies should work with an experienced and expert Insurance Broker to understand their risks and put sound risk management and cyber coverage in place to help decrease their exposures.

In order to discuss your Cyber Liability Insurance and/or Risk Management requirements please speak with your usual Franklands contact.


Share this story