Earlier this year, researchers reported a 715% rise in ransomware attacks in 2020, and new data is now showing that ransomware attacks are to blame for almost half of all the cyber insurance claims filed in early 2020.
Coalition, a cyber insurance vendor, recently released the Cyber Claims Insurance Report, which analyzes the cyber insurance claims of its 25,000 clients throughout the first six months of 2020. According to the report, ransomware attacks accounted for 41% of cyber insurance claims filed in the first half of the year, with the attacks growing increasingly severe for victims.
We spoke with Jack Clabby, former cyber prosecutor and assistant U.S. attorney as well as current shareholder of Carlton Fields, to discuss this connection between ransomware and cyber insurance claims in 2020. When discussing the rise of ransomware throughout the course of this year, Clabby says, “In my practice, there’s three things that we’ve seen happen with ransomware this year. One, we’ve seen more incidents of ransomware occurring. Two, we’ve seen larger dollar amounts for ransom by one or two extra zeros than we’ve ever seen before. And three, we’re seeing new forms of ransomware where it’s not just locking up the system but locking up the system and then threatening to post the data they’ve taken unless the extortionate ransom is paid.”
Cyber insurance claims based on industry segments and organization size
While ransomware and other forms of cyberattacks were observed across nearly every industry segment, certain industries were found to be more frequently targeted by cybercriminals. Consumer-based industries (retail, hospitality, and food) had the highest frequency of annual ransomware claims, with the healthcare, financial, and energy industries following closely behind.
Attacks were also observed across organizations of every size and revenue; however, claims were more frequent among large organizations. Organizations with revenues of $100M-$250M were found to be five times as likely to file a cyber claim compared to smaller organizations, and those with more than 250 employees were also targeted more often.
Although smaller organizations experienced a lower frequency of cyber claims, the losses from these attacks were significantly more impactful than those of larger organizations. Ransomware attacks against smaller organizations tend to be more severe due to the significant business interruption and the costly recovery process to restore business operations. The average ransom demand increased 47% throughout the first six months of 2020 to the current average of $338,669.
When speaking about the impact of cyberattacks on small versus large organizations, Clabby says, “For smaller organizations, the risk of ransomware is that if a bad guy gets in and is able to deploy ransomware, the organization might be running only two or three servers total, so it’s catastrophic. If it’s a small company that relies on a public facing portal and the ransomware impacts that portal, there’s no revenue coming in and the company could be breaching contracts and agreements they have with other parties.”
The worst-case scenario for large organizations may be more severe, but they typically have better protection and resources for mitigating threats. “Large organizations are typically running multiple servers with robust backups, and they often have a more complicated system with better sensors. We’ve seen large entity clients have ransomware, but it doesn’t affect any public facing aspect and only affects systems that are backed up, so it’s not as catastrophic.”
Can cyber insurance assist your organization with ransomware and other cyberattacks?
In today’s technology-based world, where cybercriminals are continually evolving, cyber insurance can assist your organization in the event that you are targeted by a cyberattack. According to the 2020 cyber claims report, Coalition recovered lost funds for its clients in over half of reported incidents, recovering 84% of all lost funds due to cyberattacks.
Clabby suggests that there are two main benefits of organizational cyber insurance. The first is that your organization will be insured against catastrophic cyber risks that could severely impact business operations, such as ransomware attacks or data breaches. The second benefit is that, in the event of a cyberattack, you will have quick access to experts and resources that may otherwise be difficult to find at the last minute. Cyber insurance carriers are generally more experienced in cyber risks like ransomware and email compromise, so by having cyber insurance, you are essentially purchasing access to the carrier’s knowledge, connections, vendors, and mitigations.
“If you’re a smaller company, or even a larger company without a largely developed security response apparatus, for the price, cyber insurance gives you access to that expertise. You will be insuring against catastrophic cyber risk as opposed to the small stuff, and you’ll also have access to experts and expertise that you would otherwise be scrambling to get on your side.”
Clabby’s top cybersecurity recommendation for organizational leaders is to ensure that they have two crucial necessities prepared before a cyberattack even occurs: a person and a piece of paper. “To sum it up, you need an accountable person and a piece of paper that lists out in a very practical way who should participate and make decisions in the event of a breach. I think if you do those two things, you’re 50% of the way there.”
Leaders should clearly identify the person who is accountable for cyber controls and has the authority to make organizational changes. The paper should consist of some form of incident response plan that is written during low-stress times and identifies what to do in the event of a cyber incident. Clabby says, “Literally, what are the phone numbers you may need? What’s the number of your insurance broker and your insurance carrier? If you need a lawyer, who’s the lawyer you’re going to call? Do you have a forensic firm that you signed up to call? Who is the law enforcement person in your jurisdiction, not just the FBI’s general phone number, but who is the human being at the FBI, state police, or Secret Service that you’re going to call?”
Having an incident response plan is crucial to ensuring that, in the event of a cyberattack, your organization has the necessary resources to mitigate the threat as efficiently as possible.
Regardless of whether you decide cyber insurance is the right choice for your organization, be sure that you and your team are prepared to mitigate a potential crisis by developing an incident response plan before you actually need it.