The key selling point for cyber insurance has evolved over recent years as cyberattacks have become more prominent. Several years ago, cyber insurance was important because of data breach concerns and protecting organizations’ liability if private data was exposed. Today, the focus is on the potentially huge losses stemming from cybercrime.
In fact, over the course of 2019, the main cyber-related activity impacting Tokio Marine HCC’s policyholders continued to shift from ‘data breach’ to ‘cybercrime,’ according to the insurance group’s “2020 Cyber Digest Analysis of 2019 Cyber Claims Data.” Among Tokio Marine HCC’s non-healthcare policyholders, there was a 44% increase of ransomware claims between 2018 and 2019. Notably, for the first time in over five years of tracking, ransomware has landed at the top of the list of loss causes in the non-healthcare segment.
The shift in the number one cause of loss is a result of both the growing sophistication of cybercriminals’ attack methods as well as businesses’ ability to adapt to cyber threats.
“Businesses are responsive to new threats and over time will improve their security controls and processes to reduce the risk,” said Mike Palotay, chief underwriting officer at Tokio Marine HCC.
A few years ago, credit card breaches at retailers like Home Depot, with 56 million cards compromised, and Target, with 41 million cards compromised, were making headlines. Today, the number of credit card breaches in the news has dropped off, and that’s because businesses have learned their lesson and adopted end-to-end encryption, among other controls. Next, criminals set their sights on phishing emails, which entice users to click on suspicious links and provide crucial information, and business email compromise, where criminals impersonate employees and management to convince other employees to wire money to nefarious accounts.
Today, cyber risks have evolved even further.
“Right now, there are tools that relatively unsophisticated hackers can use to launch ransomware attacks,” explained Palotay. “They can go to the dark web and pay a relatively small amount of BitCoin for a particular software program that basically creates their own ransomware that is undetectable by a lot of antivirus solutions.”
The range of businesses that can become victims of ransomware is broad. In one example highlighted in the Tokio Marine HCC analysis, an assistant restaurant manager downloaded an email attachment that looked like a spreadsheet from her manager on to the restaurant’s computer. Unfortunately, the file contained the Ryuk virus, which blocked access to the operating system and encrypted all the files on the computer. A message appeared on the computer notifying the manager that the system and all files were encrypted and would only be unlocked if he paid a ransom of more than $200,000 using BitCoin.
This heavy price tag for a ransom is part of a broader trend in cyber threats. “Hackers realized that a lot of targets now have insurance, so the demands went from a few thousand dollars to hundreds of thousands, if not millions of dollars,” said Palotay, adding that overall, “It’s concerningly easy to launch a ransomware attack, and the barriers of entry are really low.”
Nonetheless, similar to when businesses have been faced with other forms of cyber threats, Palotay believes they’ll “react and learn” with the help of experienced cyber professionals like those at Tokio Marine HCC.
“We’re recommending a number of security controls that they can use to reduce their risk,” he said. “We’ve seen increased adoption of those security controls over the last six months, and I expect that trend to continue and this [ransomware] to slow down again until there’s a new form of the threat.”