An increase in ransomware incidents is driven by many factors including double and triple extortion campaigns and ransomware as a business, according to a new report,
The number of cyber insurance claims AGCS has seen has increased in the past few years, following along with general cyber risk trends. In 2020, the company received more than 1,000 in total, compared to 80 in 2016. This trend has continued into 2021, with more than 500 claims received in the first half of the year.
“Cyber extortion and ransomware, in particular, has become big business,” the report states. “Attacks have increased as criminals have become more organized, refining their tactics and business models. The development of ransomware as a service, for example, has made it easier for criminals to carry out attacks.”
Business interruption and restoration are the biggest cost drivers behind losses, as they account for over 50% of the value of about 3,000 insurance industry claims worth about $885 million over the last six years, according to AGCS analysis of 2,916 claims.
“We often hear about high profile sophisticated attacks in the media, but as a whole, the majority of ransomware attacks are not targeted, nor are they technically sophisticated,” said Thomas Kang, North American head of cyber, tech and media for AGCS, in the report. “For the most part, cybercriminals are looking for the most vulnerable firms, focusing their efforts on where there is the best chance of receiving a payout for the least effort.”
The average cost of recovery and downtime after a ransomware incident has more than doubled in the last year from $761,106 in 2020 to $1.85 million, according to
Cyber intrusion activity has also increased by 125% in the first part of this year,
The increase in overall events has led the cyber insurance market and insurers to try to mitigate risk and the severity of attacks that result in claims.
Michael Daum, Senior Cyber Underwriter at AGCS, stated in the report that around 80% of incidents could have been avoided if companies followed some best practices.
“In many cases, we find a lack of multi‑factor authentication (for remote access, on privileged IT accounts or for remote maintenance) or inadequate training has been a major contributing factor to the loss,” he stated. “For many businesses, if they were to improve cyber security, controls and procedures, they would be well protected, and the likelihood of being affected by a ransomware attack would significantly decrease. Hackers will typically hit those businesses with the weakest defenses first.”
AGCS published a checklist with recommendations for cyber risk management. It includes questions like:
- Are anti-ransomware tools deployed throughout?
- Is regular user training and awareness conducted on information security, phishing and others?
- Are regular backups performed?
- Are endpoint protection products and endpoint detection and response solutions used throughout the organization on mobile, tablets and laptops?
“The insurance market has a desire to continue to provide cyber insurance to its customers and therefore we must always challenge the norm,” Kang told Digital Insurance. “With this class you can never have a set and done mindset and we must continue to do better. Those insurers that have the foresight to work with their customers to aid in the improvement of cyber maturity, coupled with those insurers that continually invest in both its people and technology will enable the sustainable continuation of the cyber insurance marketplace.”