Insurers look to curb ransomware exposure as U.S. cyber
rates rise
[January 22, 2020] By Suzanne Barlyn
(Reuters) - U.S. insurers are ramping up
cyber-insurance rates by as much as 25% and trying to curb exposure to
vulnerable customers after a surge of costly claims, industry sources
said.
The changes follow a challenging year of hackers using malicious
programs, known as ransomware, to take down systems that control
everything from hospital billing to manufacturing. They stop only after
receiving increasingly hefty payments.
The attacks happened less frequently in 2019, but the problem remains
significant, cybersecurity experts said.
"Ransomware is more sophisticated and dangerous than we saw in the
past," said Adam Kujawa, director of Malwarebytes Labs.
There were 6% fewer ransomware incidents in 2019 versus the prior year,
according to Malwarebytes. However, attacks are now designed to spur
deeper and more lasting technological problems, with hackers demanding
bigger sums.
The average ransom of $41,198 during the 2019 third quarter more than
tripled from the first quarter, according to Coveware, which helps
negotiate and facilitate the payments.
Ransoms are becoming disproportionate to the size of targets, said Kelly
Castriotta, Allianz SE North American head of product development for
financial lines. Hackers frequently pursue mid-size companies and other
organizations that are less technologically adept, but also have less
revenue to cover big ransoms.
"You'd expect a ransomware demand that you can pay," Castriotta said.
The U.S. rate increases underscore broader global ransomware problems
from which no company is immune.
Ransomware recently crippled foreign-exchange firm Travelex Ltd's [TRVLXP.UL]
systems for weeks, leaving staff to serve customers with pens and paper.
Hackers demanded $6 million, the BBC reported. Travelex declined to
comment.
Another attack in December paralyzed the Albany County Airport
Authority's administrative computers. It had to pay $98,705.96 in
Bitcoin to get the system unlocked, a spokesman told Reuters. Its
insurer, Chubb Ltd, covered the ransom, he said. Chubb declined to
comment.
A sign referring to the hacked computer system of Baltimore City is
taped to a door near Baltimore City Hall in Baltimore, Maryland,
U.S. May 10, 2019. REUTERS/Stephanie Keith/File Photo
Cyber-insurance premiums started rising 5% to 25% late last year, said Robert
Parisi, U.S. cyber product leader at Marsh & McLennan Companies Inc.
He called the increases "dramatic" but said insurers have not scaled back
coverage.
Cyber policies often cover not just ransom, but data recovery, legal liabilities
and negotiators fluent in hackers' native languages. Some insurers are
considering changes, given the rising costs.
Allianz is looking into price adjustments and whether ransomware should be a
separate product from general cyber coverage, Castriotta said.
Zurich Insurance Group AG is more likely to underwrite firms that have added
network features to prevent attacks from spreading through systems, said its
chief risk officer, Peter Giger.
Sompo International is reviewing criteria for businesses that have been most
vulnerable to ransomware, said Brad Gow, global cyber product leader.
Insurers including Sompo may also lower amounts they pay for ransomware attacks
against higher-risk companies or shift to coinsurance, in which policyholders
would pay 20% to 30% of ransomware claims, Gow said. They might also require
those policyholders to have data-backup procedures.
Gow compared potential changes to requiring airbags or sprinkler systems.
"We can drive a win-win by helping our clients become better protected," he
said.
(GRAPHIC - Global threat from ransomware: https://fingfx.thomsonreuters.com/gfx/editorcharts/CYBER-INSURANCE/0H001QXWXBGK/index.html)
(Reporting by Suzanne Barlyn; Additional reporting by Carolyn Cohn in London and
Noor Zainab Hussain in Bengaluru; Editing by Lauren Tara LaCapra and Nick
Zieminski)
[© 2020 Thomson Reuters. All rights reserved.] This material may not be published,
broadcast, rewritten or redistributed.