Insurers Turn to Technology to Combat Claims Epidemic as Criminals Offer Ransomware on Subscription
Cyber risks are potentially outpacing natural catastrophes and business interruption as insured risks.
The world of cyber crime is a murky one, with insurers offering protection against these attacks often playing catchup in a rapidly changing world.
Indeed, the latest Allianz Risk Barometer has ranked cyber incidents as the number one risk facing organisations globally — with Allianz estimating cyber attacks cost businesses some $20 billion in 2020, a figure that is expected to rise to $265 billion by 2031 according to Cybersecurity Ventures.
This puts cyber risks ahead of the likes of business interruption and natural catastrophes, with the growing threat from ransomware cited as one of the key drivers behind the rise of cyber as a peril.
One of the latest developments from cyber criminals has been dubbed ransomware-as-a-service, with cyber criminals offering their services for hire on a subscription basis —sometimes for as little as $40 a month.
This means that criminals gangs can access entire ransomware infrastructures through the dark web, increasing their technological capabilities vastly for a relatively low monthly cost.
The success that ransomware criminals had in 2021, and the revenues that they were able to generate, has fuelled the business further to allow them to evolve, and to become more sophisticated and to invest in their own business.
Rehan Hussain, head of cyber, regional unit London and Nordics at Allianz, says that criminals operating in this space are now running their operations as businesses, investing their ill-gotten gains back into developing new and more sophisticated methods of attack — fuelled by a busy 2021.
“The success that ransomware criminals had in 2021, and the revenues that they were able to generate, has fuelled the business further to allow them to evolve, and to become more sophisticated and to invest in their own business,” he says. “That suggests that the tactics used by cybercriminals will also evolve, they will continue to change, and will lead to more sophisticated attacks.
“So we are expecting ransomware to continue that momentum and things will be worse in 2022.”
And these new tactics have also led to the emergence of double extortion, where ransomware criminals not only extort funds from their primary target, but also move on to attack and disrupt companies that make up that organisation’s supply chain.
Hussain also warns of the threat of triple extortion, where business partners are increasingly being targeted in an attack as well.
Ultimately, this presents a large risk for insurers, primarily because of the growing cost of business interruption costs under such a widespread and complex scenario.
“That business interruption risk becomes quite vast when supply chains become affected,” Hussein says. “A cyber insurance policy will generally also cover third party providers, and when they are affected as well as the insured, the magnitude of the claim can then become much, much larger.”
Chris Methven, CyberCube chief growth officer, says there is also a growing threat in this form of attack being carried out by nation state actors, or so-called Advanced Persistent Threats (APTs) — something that will be of increasing concern following the Russian invasion of Ukraine.
“These attacks aren't slowing down but are becoming more diverse,” he says. “Highly sophisticated APTs, such as the Russian APT that conducted SolarWinds, are not getting caught. They're finding new and clever ways to carry out these attacks while simultaneously, we're also in a world in which there are more software vulnerabilities that go unreported than ever before.
“We expect to see more activity from these groups in 2022. In particular, APTs will be focussed on compromising specific adversaries, as well as waging espionage and intelligence campaigns.”
Carriers today are acutely aware of the losses that can stem from insecure supply chains, so brokers need to be able to communicate the importance of supply chain security to their clients.
Methven adds that it is up to brokers selling these policies to make their clients aware of just how much of a risk there supply chain represents from a cyber security point-of-view.
“Carriers today are acutely aware of the losses that can stem from insecure supply chains, so brokers need to be able to communicate the importance of supply chain security to their clients,” he says. “Insureds should focus on their third-party software vendors, as well as any open-source software that they might be utilizing in their network.”
This rising threat level of ransomware and other cyber criminals has led to a hardening market, with cyber insurers looking to lessen the impact these losses have been having on their financial performance.
“Cyber insurers have seen fairly serious performance challenges arising from what many are now calling the ransomware epidemic, and loss ratios have been put under stress,” says James Burns, head of cyber at CFC Underwriting.
“So the market has responded by adjusting the pricing and underwriting approach, and we are still very much in that zone of rate rises and correction in order to counter the stress and performance that we've been seeing.”
Despite this, the increasingly widespread nature of ransomware, coupled with more mainstream news coverage of high-profile cyber attacks and breaches, had led to an increase in awareness amongst business leaders.
Burns says this has led to an increase in uptake of cyber cover despite recent rate rises, particularly at the SME end of the market.
“There's still plenty of appetite for SME businesses, but the product is considerably more expensive,” he says. “From what we're seeing, that isn't deterring organisations from wanting to buy the product, and demand seems to be continuing to thrive because of the widespread nature of ransomware.
“People and organisations are now seeing that this is a material threat for their businesses and to their operations, and they can very clearly see the value of insurance products now.”
What we're now seeing is a step up to the next level [of cyber risk management], which is insurers starting to collect and collate active threat intelligence.
Insurers have also responded to this increased threat by investing in technology and creating pro-active solutions that can help detect the threat of an attack before it has even occurred.
“Technology and risk management solutions have been a big part of the shift in the cyber insurance market, and I think it's going to be a big part of the solution, as well stopping a lot of these claims from happening before they occur,” Burns says. “What we're now seeing is a step up to the next level [of cyber risk management], which is insurers starting to collect and collate active threat intelligence.
“This is sourced from the dark web, so we can make sure that we're identifying policyholders who are actually being targeted, and stop those attacks from happening before they happen.”
Developments such as these will be crucial for insurers looking to protect not only their clients, but their underwriting results too. But ransomware remains a tough challenge for the industry to rise to, despite these technological advancements.
“This is something that is not just a today issue,” Hussein says. “It is something that organisations need to continuously invest in as the threat actors, and the threat vectors, will continue to evolve going forward.”