Page 49 - Cyber Defense eMagazine Special RSA Conference Annual Edition for 2022

But at a time when more organisations are clamouring for these sorts of protections, cyber insurance
            carriers are raising premiums and limiting the coverage they’re willing to offer.

            In a recent report entitled Cyber insurance: A hard reset, multinational insurance broker Howden reported
            that global insurance pricing had increased by an average of 32 per cent from June 2020 to June 2021.

            Similarly, insurance broker Marsh’s latest Global Insurance Market Index found that cyber insurance
            premiums shot up 56 per cent in the US and 35 per cent in the UK from the second quarter of 2020 to
            the second quarter of 2021.


            Marsh reports that Australian businesses, specifically, have been slugged with cyber insurance premium
            jumps of up to 30 per cent, and those prices are expected to just keep rising.




            Why are cyber insurance premiums going up?
            Essentially, cyber attacks are becoming too common for the insurance sector, whose profits rely on
            businesses insuring themselves against scenarios that might not end up happening. With hacks
            becoming a virtual inevitability, safeguarding businesses against them is an increasingly shaky prospect
            for insurers.

            According to both the Howden and Marsh reports, it’s the frequency and severity of ransomware attacks
            – in which cybercriminals take control of a network and demand payment to hand it back – that are driving
            cyber insurance prices skyward.

            The number of ransomware attacks worldwide shot up 170 per cent from the first quarter of 2019 to the
            fourth quarter of 2020, according to Howden, while the average cost of a ransomware attack is up 145
            per cent in 2021 compared to 2020.

            There are a number of reasons for the rise of ransomware, including the availability of low-cost
            ransomware kits and ransomware-as-a-service (RaaS) offerings that enable users to launch ransomware
            attacks without any technical expertise on their part, effectively lowering the barrier to entry to the
            cybercrime ‘industry’.

            The proliferation of double extortion is also a factor – in a double extortion attack, not only do
            cybercriminals take control of your system and demand payment for its return, but they also threaten to
            leak the data they’ve stolen from you, and demand a separate payment not to do so. Ransomware group
            REvil had the dubious honour of being the first to use the double extortion tactic in June 2020, and it’s
            since taken off worldwide.

            As is so often the case, the COVID-19 pandemic is also partly to blame. The sudden explosion in remote
            work and the accompanying acceleration in digitalisation have exponentially increased the attack
            surfaces available to cyber criminals, and made it harder for breaches to be discovered.

            IBM and Ponemon’s Cost of a Data Breach Report 2021 found that data breaches were 17.5 per cent
            more costly where remote work was a factor, and that organisations that had more than half of their
            workforce working remotely took 58 days longer to identify and contain breaches, on average.




