Cyber insurance report declares ransomware a ‘digital pandemic’

7 Jul 2021

Image: © beebright/Stock.adobe.com

Cyber insurance prices have increased by almost one-third, with ransomware now the most common form of cyberattack.

Global cyber insurance prices have soared since the beginning of the pandemic as providers scrambled to cover rising losses, according to research conducted by international insurance broker Howden.

A cyber insurance report published last month found the number of ransomware attacks worldwide between the first quarter of 2019 and the last quarter of 2020 increased by 170pc, making it the predominant cyber threat to businesses of all sizes.

This has led to an average 32pc increase in global cyber insurance pricing in the year since June 2020.

Insurers are also demanding more from businesses’ cyber resilience and are only willing to deploy capacity if they are satisfied by the strength of companies’ risk management frameworks, Howden said.

According to the report, the past year “will forever be synonymous with Covid-19, but it will also be remembered for another digital pandemic that has transformed the cyber threat landscape: ransomware”.

Insurers demand higher cybersecurity standards

Soaring cyber insurance prices coincide with rising severity in ransomware cases. The report found that, where US companies decided to pay a ransom in the first quarter of 2021, the average payment was four times that of 2019.

Globally, the average cost of ransomware remediation has risen from $700,000 in 2020 to $1.85m in 2021. In some major markets, including the US, average remediation costs have exceeded $2m.

“Cyber risk has undergone multiple episodes of change and development in its relatively short history, but nothing quite so impactful and fundamental as the events over the last year,” said Shay Simkin, global head of cyber at Howden.

Simkin said that insurers are now demanding markedly higher cybersecurity standards before deploying capacity and that businesses need analytical solutions designed specifically for them.

“Covid-19, and all of its attendant effects on technology adoption and cybersecurity, combined with independent or connected changes to the loss environment, has added a big dose of complexity into an already complicated risk landscape,” he said.

“Claims are up, capacity is down and underwriting profitability is, at best, under pressure.”

Incentive for vigilance

The cyber market has grown substantially in the last five years. Total revenue, also known as gross written premium, has more than doubled since 2016.

Howden predicts a similar rate of expansion for the global cyber insurance market over the next few years, which would see total revenue approach $20bn by 2025.

Oz Alashe, founder and CEO of cybersecurity service CybSafe, said the rising cost of cyber insurance is “unsurprising” in the face of ever-increasing threats.

“Growing numbers of claims as well as recent high-profile attacks – including the attacks on Ireland’s healthcare system, a key US fuel pipeline, and meat supplier JBS – have put huge pressure on the insurance market. As a result, costs are rising, and conditions for pay-outs following ransomware attacks are becoming increasingly stringent.”

However, Alashe added that this should be an incentive for organisations to take cybersecurity seriously.

“With cyber insurance companies becoming more vigilant about the requirements that must be met before providing cover, getting the cybersecurity fundamentals right is more important than ever for organisations.

“Effective security awareness training, as well as a deliberate focus on security behaviours like using stronger passwords and backing up data, are simple steps that organisations should take to protect themselves and ensure they can access the appropriate insurance.”

Vish Gain is a journalist with Silicon Republic

editorial@siliconrepublic.com