Coalition released its cyber claims report in March, analyzing data from active cyber insurance companies in Canada and the United States throughout 2021.
The report revealed that ransom demands have significantly increased over the past year with smaller companies becoming more of a target for cyber criminals who continue to take advantage of remote working life.
Coalition published the report to give the industry more transparency and insight into cyber insurance claims and best practice risk mitigation and incident response.
“Our ability to have far more intimate details around what the adversary did, how they got in, and how to get them out of the network, not only enables us to improve underwriting, but allows us to provide more detailed information around claims,” Shawn Ram, head of insurance at Coalition told Insurance Business.
When claims insights and technical acumen are brought together, the data that is made available can be incredibly impactful.
“The completeness of the data is unique,” said Ram. “Ransomware demands continue to increase, although claim severity has begun to plateau.”
In the second half of 2021, the average ransom demand made to Coalition policyholders increased over 20% to $1.8 million, but the average payout for ransomware claims decreased by 60%.
As ransomware variants continue to evolve, and bad actors continue to use a myriad of attack vectors, the insurers and insureds need to be prepared for everything.
“No-one is immune,” Ram continued. “Small businesses are disproportionately impacted. Attacks have been automated, and no matter how small, there was an increase in ransomware attacks specifically for accounts below $25 million in revenue.”
Although smaller companies are not necessarily mainstream news, it can be debilitating for a florist to experience a ransomware attack the week of Valentine’s Day, for example.
Coalition has launched an active insurance campaign, which pairs underwritings tools with incident response capabilities to position policyholders to experience less claims.
“In 2020 the insurance industry was working to determine a good cyber risk and focus on security because of the proliferation of ransomware which continued in 2021 when cybersecurity improved,” Ram said.
Best practices with respect to cyber hygiene are constantly being updated as ransomware demands evolve. In the past back-ups were top of mind, and while they remain critical, Ram noted that patch management is just as important.
“Ensuring that crucial technologies used by a company are encrypted and that there’s authentication in place is essential,” he said. “When the pandemic started, there was an accelerated need to access desktops remotely, which wasn’t viable for everyone.”
With the amount of RDP being opened and publicly visible on the internet, adversaries were incredibly active scanning remote desktops as the gateway to deploy ransomware.
“Our industry has become more aware of what RDP is and recognizes the need to shut it down or put it behind a VPN,” Ram emphasized. “RDP is a notable technology; it enables us to do very interesting things but if mis-used, it can be utilized in a negative fashion by adversaries.
“Ensuring that remote access is not publicly visible is a critical methodology to avoid ransomware.”
The nature of cyberattacks continues to change, so predicting what may happen within the next two to three years is not the priority.
“At Coalition, we don’t aim to be five years ahead, we look at being five months or five weeks ahead,” Ram mentioned. “We need insights on what adversaries are doing today and how that will impact policyholders in the weeks to come as the speed this market moves is in real-time.”