The COVID-19 pandemic has brought significant changes to the cyber insurance industry across all sectors. Remote work environments became prevalent, which gave rise to an onslaught of ransomware attacks by threat groups that recognized the opportunity for exploitation. This put us in a corner, and we’ve been chasing it ever since.
The ransomware epidemic first affected the insurance industry. Cyber policies were not adequately evaluated to keep up with the frequency and severity of these types of attacks. It has become abundantly clear that network security controls are a key consideration to effectively address these new risks.
Jennifer Wilson
Insurers became cybersecurity experts overnight and had to implement new management requirements for their insureds, starting with requiring authentication tools to reduce the frequency of attacks. However, the attacks continued as the hackers encrypted the victims’ files and forced them to pay a ransom in exchange for the decryption key.
The industry fought back by introducing backups, allowing businesses to get back to work with limited downtime and without paying a ransom. This only gave the hackers pause for a minute. Hackers realized that the files they had locked contained important data that could be exploited in other ways. Rather than encrypt it, they threatened to leak the information they found. In response, targets once again started paying high amounts on ransom demands.
Every time there is a counterattack from the insurance industry or a target, threat actors pivot to develop and deploy new angles. After each shift, the industry adjusts and the cycle continues as insurers seek more reliable tools to monitor, identify, and respond to potential threats. In fact, our claims data shows that ransomware remains the biggest payout ever.
Some organizations have decided not to pay ransom demands. Fewer than half of the ransomware claims managed by Newfront resulted in extortion. Source: Newfront
Ransomware grabbed the headlines, but it wasn’t the only threat insurance companies were battling. Social engineering and wire fraud were also on the rise. We’ve learned to quickly identify telltale signs hidden in poor email grammar. However, the hackers changed tack, used advances in technology to improve email frequency, and tried to attack companies again.
Insurance companies responded by imposing callback methods to authenticate wire transfer instructions. This involved the recipient calling the sender via a contact number rather than email to confirm the instructions. This worked for some, but as technology advances spread and hackers discovered deepfakes, the callback appears to have been disabled. Why call back when the target can see the CFO on a video call and hear a voice instructing them to transfer $25 million as soon as possible? So the chase continues.
According to NetDiligence’s 2024 Cyber Claims Report, the average cost of business interruption is nearly $500,000. Given the growing scope and scale of cyberattacks, state and federal agencies are getting involved. These efforts were driven by an interest in protecting victims, understanding and mitigating overall risk, and informing investors about targeted attacks.
Post-pandemic, the industry has seen multiple new laws enacted at the state and federal level, forcing insurers and businesses to respond once again.
The evolution of risks and the potential for far-reaching impacts is expanding the level of expertise required to remain competitive in the cyber insurance brokerage industry. It is important to be knowledgeable about network security and stay informed of relevant laws related to cyber disclosure and reporting. Being a cyber insurance expert is not enough. We are asked to become de facto lawyers and engineers, which is what makes this industry so challenging and rewarding at the same time.
Good companies are still slightly behind the competition, but we’re hopeful that advances in technology and federal regulation will help move us forward. Our goal is to be several steps ahead of threat actors in the near future, allowing us to focus on prevention instead of just detection.
Wilson is Newfront’s Cyber Practice Leader. She has more than 25 years of industry experience, primarily in specialty reporting, claims, and risk management. Wilson is also a member of the NetDiligence Cyber Claims Advisory Board.