The cyber insurance market is undergoing significant changes as losses continue to mount. Bad actors are stepping up their ransomware, business email compromise (BEC) and social engineering tactics, hitting businesses large and small hard across all industry sectors, including those that typically were not on the radar of cyber criminals.
COVID-19 has certainly impacted the cyber landscape, but it's important to note that the changes taking place began long before the pandemic. Steve Robinson, RPS Area President and National Cyber Practice Leader, provides an update on the cyber insurance market and the confluence of factors making an impact in this space.
Work-from-Home Ups the Ante for Information Security
"The U.S. workforce has largely gone remote due to COVID-19, further exacerbating the cyber vulnerabilities inherent in the ecosystem of data and people," explains Robinson. "This has contributed to upward trends we've experienced in ransomware, BEC and social engineering claims."
Robinson notes that employees now have to make extra efforts to ensure that the typical safeguards and practices of a physical office environment are also followed at home.
"People today are on the phone and video chatting all day long. They tend to let their guard down and take shortcuts to verify the legitimacy of specific requests such as payment authorizations, data access rights, and password protection," he says.
Small to midsize enterprises (SMEs) have been particularly impacted by the rise in cyber attacks as they don't typically have the budget or the infrastructure in place to adequately address information security.
"What was already a problem for SMEs in providing adequate allocation dedicated to information security has become even more difficult with the work-from-home environment and reduced revenues as a result of the pandemic," noted Robinson.
Good Old-Fashioned Common Sense Can Play a Big Role
Funding information security is critical, but common sense also plays a key role – something that gets lost in the day-to-day mix for some organizations.
"Recently, one of our insureds, a small public entity, was the victim of a ransomware attack with perpetrators demanding $1 million in cryptocurrency to release the decryption key to its network," Robinson shares.
"The public entity turned to its cyber insurance to use the services provided in the policy including our carrier's hotline, legal representation and forensics experts to determine next steps. The forensics team found that the insured did not have a backup of its network, leaving the carrier with no choice but to negotiate with the perpetrators.
"In other cases, a company will have a backup but it remains untested, or the backup is also located at the primary location. In this case, if the bad actors get into a company's network, they also have access to the backup."
Bad Actors Step Up Their Game
As more organizations adopt stronger backup procedures to mitigate the effect of ransomware attacks, bad actors have become more sophisticated in their tactics.
For instance, Robinson says, "An organization feels confident that it can restore its network from its backups. It instructs negotiators to inform the perpetrators there is no ransom deal.
"However, we are now seeing cases where not only are cybercriminals compromising a company's network but also gaining access to personal identifiable information (PII) or confidential corporation information while in the network. If the ransomware is not paid, these criminals threaten to expose confidential information that could be in violation of a business's contractual agreement or embarrassing and harmful to its reputation.
"You now have a ransomware attack, a data breach, and extortion not to release the information."
How Is the Insurance Market Reacting to the Cyber Landscape?
As a result of the frequency and severity of cyber losses, and in turn, underwriting deterioration over the last few years, insurers are seeking higher rates, deductibles and retention levels, adding sublimits, shoring up their underwriting guidelines, reducing capacity and asking for a real partnership with their insureds.
"Insurers are saying we can no longer fund the lack of information security preparedness to the extent we have been. We need to be in this together and for insureds to do their part in mitigating losses with better information security and data hygiene in place.
"This includes requiring assurances from businesses that they are securing their remote desktop protocol (RDP) and requiring multi-factor authentication (MFA) and advanced endpoint protection. It also involves having three backups – two in different mediums and one located offsite, and testing the backups.
"In addition, creating a culture of data hygiene with ongoing employee training throughout the business is fundamental in heightening cyber awareness and reducing human errors."
Robinson stresses that the cyber insurance market correction will not come solely from increased rates and deductibles, sublimits and reduced capacity. It's these measures in concert with effective risk management on the part of insureds that will make a difference.
The Benefit of Working with Cyber Specialists
In this challenging cyber insurance environment where some carriers are exiting certain industries, doubling rates in others, pushing back on capacity including in the SME market, and employing greater underwriting scrutiny, it's critical for retailers to work with specialists.
"Our cyber specialists have the experience and access to markets to secure coverage for all types of clients. For larger organizations, we can go to various markets to build the capacity towers needed to cover the exposure," notes Robinson.