Published on July 5th, 2021 📆 | 7381 Views ⚑
0In crosshairs of ransomware crooks, cybersecurity insurers struggle
In the past few weeks, ransomware criminals claimed as trophies at least three North American insurance brokerages that offer policies to help others survive the very network-paralysing, data-pilfering extortion attacks they themselves apparently suffered.
Cybercriminals who hack into corporate and government networks to steal sensitive data for extortion routinely try to learn how much cyber insurance coverage the victims have. Knowing what victims can afford to pay can give them an edge in ransom negotiations. The cyber insurance industry, too, is a prime target for crooks seeking its customersâ identities and scope of coverage.
Before ransomware evolved into a full-scale global epidemic plaguing businesses, hospitals, schools and local governments, cyber insurance was a profitable niche industry. It was accused of fueling the criminal feeding frenzy by routinely recommending that victims pay up, but kept many from going bankrupt.
Now, the sector isnât just in the criminalsâ crosshairs. Itâs teetering on the edge of profitability, upended by a more than 400 per cent rise last year in ransomware cases and skyrocketing extortion demands. As a percentage of premia collected, cyber insurance payouts now top 70 per cent, the break-even point.
Fabian Wosar, chief technical officer of Emsisoft, a cybersecurity firm specialising in ransomware, said the prevailing attitude among insurers is no longer: Pay the criminals. It's likely to be cheaper for all involved. âThe ransomware groups got way too greedy too quickly. So the cost-benefit equation the insurers initially used to figure out whether or not they should pay a ransom â it's just not there anymore,â he said.
Itâs not clear how the single biggest ransomware attack on record, which began on Friday, will impact insurers. But it can't be good.
Pressure is building on the industry to stop reimbursing for ransoms.
In May, the major cyber insurer AXA decided to do so with all new policies in France. But it is so far apparently alone in the industry, and governments are not moving to outlaw reimbursement.
AXA is among major insurers that have suffered ransomware attacks, with operations in Thailand hard-hit. Chicago-based CNA Financial, the seventh--ranked US cybersecurity underwriter last year, saw its network crippled in March. Less than a week earlier, cybersecurity firm Recorded Future published an interview with a member of the Russian-speaking ransomware gang, REvil, that is skilled in pre-attack intelligence-gathering and happens to be behind the current attack. He suggested it actively targets insurers for data on their clients.
CNA would not confirm a Bloomberg report that it paid a $40 million ransom, which would be the highest reported ransom on record. Nor would it say what or how much data was stolen. It said only that systems where most policyholder data was stored âwere not impacted.â
Dear Reader,
Business Standard has always strived hard to provide up-to-date information and commentary on developments that are of interest to you and have wider political and economic implications for the country and the world. Your encouragement and constant feedback on how to improve our offering have only made our resolve and commitment to these ideals stronger. Even during these difficult times arising out of Covid-19, we continue to remain committed to keeping you informed and updated with credible news, authoritative views and incisive commentary on topical issues of relevance.
We, however, have a request.
As we battle the economic impact of the pandemic, we need your support even more, so that we can continue to offer you more quality content. Our subscription model has seen an encouraging response from many of you, who have subscribed to our online content. More subscription to our online content can only help us achieve the goals of offering you even better and more relevant content. We believe in free, fair and credible journalism. Your support through more subscriptions can help us practise the journalism to which we are committed.
Support quality journalism and subscribe to Business Standard.
Digital Editor
Gloss