Cyber Insurers React to Surge in Ransomware Claims and Halve Cover
Speaking after the Colonial pipeline attack in May this year, Christian Mumenthaler, the CEO of one of the world's largest reinsurers, Swiss Re (Swiss Reinsurance Company), said:
"The cyber insurance market is currently worth around $5.5 billion in premium, as compared to gigantic yearly losses that extend into the hundreds of billions of dollars ... I would actually argue that overall the problem is so big it’s not insurable."
It appears this is true, with some cyber insurers now halving - or more - their cover to clients. Those which were willing to issue US$5 million policies in 2020 are now limiting coverage to US$1-3 million.
It's not surprising this has happened. Ransomware attacks have shot up as COVID has progressed. In the first six months of this year, payouts totalled US$590 million, as opposed to US$416 million in all of 2020.
The increase can be put down to a remote workforce which, in many instances, has brought with it a reduction in security levels, and a public inclined to click on anything related to COVID.
Hackers are refining their skills, too, with more advanced scam emails. They are also educating themselves and reading balance sheets and focusing on specific sectors.
Attacks have shifted away from healthcare facilities and municipalities - 560 healthcare facilities and 113 federal, state and municipal governments and agencies were targeted by ransomware in 2020 - to much larger companies in such areas as manufacturing and logistics. Healthcare facilites and municipalities have little money, whereas 'corporate' can't afford their systems to be down for extended periods and, more importantly, have the insurance to cover ransomware and are more likely to pay ransoms which are often in the millions of dollars.