Ransomware attacks have increased significantly and are creating challenges for SMBs (small and medium-sized businesses) and for their Cyber Insurance Insurers.
Ransomware attacks have increased by 486% over the prior three years, and by one measure 2020 ransomware events increased 100% over 2019 (here, here).
Cyber-security firm Emsisoft sees a roughly 12.4% jump in victims saying they were hit last year, compared with 2019. The amount of ransom being demanded nearly doubled in 2020, according to Group-IB… Premiums for standalone cyber policies were up 28% in 2020 compared to a year earlier and have increased about 76% since 2016, according to ratings firm AM Best. (see here)
Ransomware attacks increased 485% in 2020 globally, according to Bitfdefender, accounting for nearly one-quarter of all cyber incidents, with total global costs estimated at $20 billion, per Purple Sec… The average ransom payment in 1Q21 [was] $220,298, up 43% from 4Q19, according to Coveware. (see here)
No type of organization is free of ransomware exposure, but some types of businesses have a higher rate of attack:
Professional services firms, such as small law and financial services firms, are popular targets of ransomware attacks as they typically possess valuable personal identifiable information, payment data, or intellectual property. Cyber attacks against schools, local government healthcare providers more than doubled to 2,354 in 2020 from 966 in 2019, according to Emsisoft. (see here)
How bad can it get? What could happen? Here are a few ransomware examples:
- A municipality is crippled (here).
- A hospital cannot access medical records and is forced to turn away patients (here, here)
- Database users data is being stolen and held for ransom payments (here)
- A school district may be subject to an attack (here)
- Colonial Pipeline (here)
And we may be facing a perfect storm for continued ransomware attacks, according to an article in ZDNet (here). Key factors include:
- Criminals can easily obtain ransomware malware (ransomware as a service).
- Companies are increasingly paying ransom demands; a contentious issue (here, here, here, here).
- SMBs are increasingly vulnerable to a wide range of attacks, including phishing attacks and increased vulnerabilities from WFH.
As a result of the increasing attacks, the Cyber Insurance market is hard and getting harder. Increases in the number and severity of attacks has resulted in tightened underwriting, reduced coverage and rate increases. One example of reduced coverage is a reduction in sub-limits for specific coverages, such as a reduced ransomware sub-limits. In addition, some insurers are adding active pre-coverage and concurrent risk management resources such as scanning for threat vulnerabilities.
Despite the difficult market conditions, Cyber Insurance is available at competitive pricing for organizations that have taken steps to tighten their cyber security. Proactive steps to reduce exposures combined with Cyber Insurance can greatly reduce financial and operational exposure to cyber risks, and pricing. Make sure you have the right Cyber Insurance.
Try our online Cyber Insurance Quoting Portal for same day quotes. We look forward to working with you!