The frequency and severity of cyber crime has escalated in the past 24 months with ransomware attacks now the leading cause of cyber losses. Hackers are now employing ransomware attacks and extortion operations with increased efficiency and profitability. Ransomware as a service (“RaaS”) has made it easier for criminal enterprises to carry out attacks with the sharing of tools and techniques enabling criminals to improve the efficacy of their attempts.
With the shift to remote working resultant of the COVID-19 pandemic, businesses have been forced to open multiple remote access points to their networks, presenting new opportunities for cyber criminals. Australian Government data recorded a 15 per cent increase in ransomware reports in the last financial year and identified that the average loss of a social engineering event is $50,600 – 150% higher than in 2020.
Most frequent and significant losses have subsequently flowed onto insurers. The impact being more selective underwriting , reduced appetite, more controlled flow of capacity limits, narrower cover, more onerous excess structures and premium uplifts.
Companies must now show demonstrated ransomware “preparedness” to obtain cover. We emphasise to all of our clients the importance of maintaining a requisite level of cyber maturity and preparedness noting that without such processes in place cover will be unavailable. Insurers now expect that insureds implement or indicate an intention to implement the following measures:
- Multifactor authentication.
- Encryption of data (both while stored and in-transit.
- Regular simulated phishing attacks.
- Regular completion of software updates/patches.
- Ongoing updating of cyber/IT security systems.
Absent these measures, insureds are unable to obtain cover or may face significant premium increases.
Looking ahead, as businesses continue to digitise their processes, insurers expect losses to grow and premiums may rise sharply between 2021 and 2023. We expect insurers to continue increasing deductibles and begin imposing sub limits for ransomware. For further information on Cyber Insurance and its benefits, see our article here.
Continue reading our full range of market updates here:
For a more in depth market update by product class, profession and industry, please see our individual reports below:
General Insurance
Financial Lines
- Professional Indemnity
- Directors’ & Officers’ Liability (Public companies)
- Management Liability (Privately held and smaller companies)
- Cyber Liability
Construction