The JBS cyberattack may have had a massive impact on the firm itself – with the meat producer estimated to have paid out the equivalent of US$11 million (around CA$13.9 million) in a ransom payment – but its repercussions have also been felt throughout the insurance industry.
With more digital security pressure, insurers are expected to make refinements in coverage, reduce limits and sub limits, as well as adjust their pricing, particularly in line with the hard market.
In Canada, this movement was, in many cases, already taking place, but globally there has been some debate around how insurers are responding to ransomware and whether they are willing to pay for it.
Media coverage for ransomware attacks on companies such as JBS is “generating quite of bit of awareness, the dollar values and frequency are putting a lot of pressure on coverage overall and underwriting profits,” said EVP and COO of SGI Canada Andrew Voroney, speaking to Insurance Business.
“In the smaller packaged products, we might see some decrease in limits or pricing pressure,” Voroney explained, “but in the underwritten, more complex products, I think everyone fully expects to see more requirements, coverage with higher limits, and a higher degree of due diligence in underwriting across the board.”
There are lots of big names circulating in the news, much like with the JBS attack, but smaller companies are also being impacted. Many one-man shops collect payments, store customer data, or store data that is important for their business, and “cyber insurance is a part of that response even for small businesses,” said Voroney.
Brokers should not be shying away from seeking cyber security expertise; carriers, insurance providers, and the technology community are there to ensure clients have a robust response and mitigate risk from the get-go.
Cyberattacks take the path of least resistance, it is all a numbers game, and the weakest link will be the one that suffers. The JBS attack impacted many countries, such as Canada, Australia, and the US; the landscape of cyber insurance is global, “it’s a collective impact and response effort,” Voroney added.
Being one of the newest coverage types in the industry, cyber insurance still has some kinks to fix. There is a lot of data to gather and figuring out how to price and respond effectively is challenging in such a rapidly growing space. “It will be a continuing effort to respond and protect…the mitigation here is employee knowledge and generating awareness,” Voroney said.
After the JBS attack, government sectors, the private industry and insurance companies are working towards more advancements in cyber insurance. For now, insurers must focus on having open modes of communication, timely responses and technological resources for brokers, so clients are prepared for future attacks.