Ransomware attacks have been back on the up in 2023 following a lull widely understood to be driven by Russia’s Ukraine war, and while the industry may be feeling prepared for any rising trend, insurer cyber leaders have warned against complacency.
“The industry overall has seen an uptick in ransomware activity towards the beginning of this year,” said Arch EVP professional liability & cyber Jamie Schibuk. “A lot of the threat actors have now refocused; they’re doing that big game hunting again, so we are starting to see larger incidents and potential for larger payments.”
Schibuk was, though, confident that insurer developments in recent years, such as taking a more engineered approach to cyber risk, tightening criteria, and focusing in on prevention, will set them in better stead than in 2021.
“The insureds are much better prepared and much better positioned in order to either prevent an attack entirely or recover more quickly and more seamlessly from an attack today,” he said. “They’re definitely better prepared, the market is better positioned than it was at that point in time – at this point, we feel it’s certainly an uptick, but something that is very manageable.”
There is some consensus between cyber experts that Russia’s Ukraine war in Europe, potentially among other factors, had an impact on last year’s falling ransomware rates. It’s a view previously mooted by NSA Cybersecurity Directorate director Rob Joyce, who, in May 2022, drew attention to the “knock on effects” of sanctions on cybercriminals.
Russia’s campaign in Ukraine remains ongoing, with measures set to remain in place for now. Nevertheless, NetDiligence interviewees warned against complacency when it comes to malicious actors, particularly with ransomware risk appearing to rise.
“As that conflict settles into what looks to be a long grinding process, we’re possibly reverting back to some level of close to a base norm,” said Eric Seyfried, AXIS head of cyber & technology, US open market.
There has been a “decent sized uptick” in first notifications of loss (FNOLs), Seyfried said, though it remains to be seen how any trend develops.
“At the end of the day, we think people are going to need to be cognizant of the fact when they’re cutting price, maybe softening on how stringently they want to be able to control posture, to realise that the threat environment continues to develop,” Seyfried said. “Right now, there is not really enough cause to be driving significant rate decreases, or a lessening around what a base level of maturity and hygiene and security needs to look like in order to be an insurable risk.”
Monitoring of ransomware and data breach leak sites has shown a rise in victims on last year, marrying up with insurer experiences. Four hundred and fifty-two (452) businesses featured on leak sites in March, up 60% on the previous year, according to Corvus’s Q2 2023 Risk Insights Index.
“From an insurance standpoint, many of those victims are likely insured companies, and so ultimately claims will come up as a result,” Lauren Winchester, Corvus SVP, risk and response, said. Corvus, which had what it referred to as an “industry leading loss ratio” of 36% in 2022, is not feeling a direct impact from this yet.
“We, fortunately, are not seeing that reflected in our book, and hopefully that’s a testament to the underwriting and outreach that we’re doing,” Winchester said. “But I do expect it’s going to continue on this trend, and it suggests that the threat actors have regrouped, they’ve rebuilt their infrastructure, and they’re up and running.”
Insurers and insureds are not just contending with ransomware; business email compromise is another industry bugbear at present, cyber insurance leaders said in June.
Interviewees spoke to Insurance Business at NetDiligence, which took place in Philadelphia from May 31 to June 2, 2023.
Let us know your thoughts on ransomware trends and industry preparedness by sharing a comment below.
