New reports in cybersecurity are creating consternation, suggesting that insurance companies are having trouble protecting their clients from the ravages of ransomware attacks.
A.P. Technology Writer Frank Bajak reports this type of digital attack constitutes 40% of cyberattacks that happened last year, and that malicious actors like REvil are having an outsized effect on the cybersecurity market.
For one thing, it’s getting more expensive just to get covered: cybersecurity premiums, Bajak reports, were up 29% in January.
The larger sea-change, though, according to analysts, is that where insurers used to reimburse for ransoms, they are now less likely to suggest that a payout is appropriate, and unlikely to fully reimburse clients for the costs of paying ransoms.
Among some of the top strategies employed by the cybersecurity insurance companies are the use of deductibles, partial payments and decreases in coverage to cover their bottom lines.
Insurers might also be more likely to scrutinize clients by doing a “dark web scan” or other kinds of research prior to issuing a policy – and look out for those returns from underwriting!
The Government Accountability Office has stated that “the extent to which cyber insurance will continue to be generally available and affordable remains uncertain.”
Insurers are feeling that uncertainty, too.
“Measuring the full financial impact of ransomware is difficult because we lack market-wide statistics similar to those gathered from data breaches, where reporting to the authorities is required,” write staff members at The Hartford.
But there are solid indicators of the kinds of trouble emerging on the horizon: an SEC filing from CNA noted by Bajak is another example of how the industry is cratering under the pressure of blossoming ransomware ops: as a portable and agile type of cyberattack, ransomware is really becoming a scary threat for anyone with a significant network operation.
The best protections, many analysts say, are full backups. If ransomware attackers take data that is already backed up securely somewhere else, their demands for ransom are toothless.
Keep following the reality in cybersecurity to understand what some of your favorite companies face – especially the ones that you are invested in!