Page 49 - Cyber Defense eMagazine Special RSA Conference Annual Edition for 2022
But at a time when more organisations are clamouring for these sorts of protections, cyber insurance
carriers are raising premiums and limiting the coverage they’re willing to offer.
In a recent report entitled Cyber insurance: A hard reset, multinational insurance broker Howden reported
that global insurance pricing had increased by an average of 32 per cent from June 2020 to June 2021.
Similarly, insurance broker Marsh’s latest Global Insurance Market Index found that cyber insurance
premiums shot up 56 per cent in the US and 35 per cent in the UK from the second quarter of 2020 to
the second quarter of 2021.
Marsh reports that Australian businesses, specifically, have been slugged with cyber insurance premium
jumps of up to 30 per cent, and those prices are expected to just keep rising.
Why are cyber insurance premiums going up?
Essentially, cyber attacks are becoming too common for the insurance sector, whose profits rely on businesses
insuring themselves against scenarios that might not end up happening. With hacks
becoming a virtual inevitability, safeguarding businesses against them is an increasingly shaky prospect
for insurers.
According to both the Howden and Marsh reports, it’s the frequency and severity of ransomware attacks
– in which cybercriminals take control of a network and demand payment to hand it back – that are driving
cyber insurance prices skyward.
The number of ransomware attacks worldwide shot up 170 per cent from the first quarter of 2019 to the
fourth quarter of 2020, according to Howden, while the average cost of a ransomware attack is up 145
per cent in 2021 compared to 2020.
There are a number of reasons for the rise of ransomware, including the availability of low-cost
ransomware kits and ransomware-as-a-service (RaaS) offerings that enable users to launch ransomware
attacks without any technical expertise on their part, effectively lowering the barrier to entry to the
cybercrime ‘industry’.
The proliferation of double extortion is also a factor – in a double extortion attack, not only do
cybercriminals take control of your system and demand payment for its return, but they also threaten to
leak the data they’ve stolen from you, and demand a separate payment not to do so. Ransomware group
REvil had the dubious honour of being the first to use the double extortion tactic in June 2020, and it’s
since taken off worldwide.
As is so often the case, the COVID-19 pandemic is also partly to blame. The sudden explosion in remote
work, and the acceleration in digitalisation that has come with it, have exponentially increased the attack
surfaces available to cybercriminals and made it harder for breaches to be discovered.
IBM and Ponemon’s Cost of a Data Breach Report 2021 found that data breaches were 17.5 per cent
more costly where remote work was a factor, and that organisations that had more than half of their
workforce working remotely took 58 days longer to identify and contain breaches, on average.