2022 Midyear Market Outlook: Cyber Insurance

The past year has seen a rapidly hardening cyber insurance market as cyberattacks have surged in both cost and frequency. This increase in attacks has, in turn, resulted in a rise in cyber insurance claims and subsequent underwriting losses. Amid these market conditions, most policyholders experienced higher cyber insurance rates at their 2022 renewals, with many insureds seeing double-digit rate increases. In fact, industry data shows that rates rose by as much as 50%-100% during the first quarter of the year, depending on policyholders’ specific exposures, loss history, and risk management measures. Insureds have also begun encountering coverage restrictions, further scrutiny from underwriters regarding cybersecurity practices, and exclusions for losses stemming from certain types of cyber incidents—namely, acts of cyberwarfare related to international conflicts and other increasingly prevalent cyberattack methods (e.g., ransomware). Looking ahead, policyholders who fail to adopt proper cybersecurity protocols or experience a rise in cyber-related losses may continue to face rate increases and coverage limitations for the foreseeable future.

Increased nation-state threats and coverage exclusions—Nation-state cyberattacks have become a growing concern over the past year, especially as the ongoing Russia-Ukraine conflict contributes to global cyberwarfare worries. In March 2022, the White House issued a statement warning U.S. organizations that nation-state cybersecurity exposures stemming from Russian attackers would likely increase in the coming months. The federal government also introduced new initiatives to harden the nation’s cyber defenses against foreign threats and urged businesses to follow suit. Apart from elevating their cyber defenses, some insureds have sought coverage for emerging cyberwarfare risks. But these policyholders have likely faced challenges obtaining such coverage, primarily due to war exclusions, which generally state that damages from “hostile or warlike actions” by a nation-state or its agents won’t receive coverage. Cyber insurance policies are not immune to war exclusions. However, recent court cases and insurance industry shifts have both broadened and narrowed aspects of the scope of war exclusions as they pertain to cyberwarfare, creating confusion and posing potential insurance gaps among policyholders.

Elevated ransomware concerns—Ransomware attacks have skyrocketed in recent years, affecting many businesses but especially small- and medium-sized establishments. Yet, according to industry data, ransomware activity decreased by 20% in the first quarter of 2022 compared to the fourth quarter of 2021. This is likely due to international law enforcement operations disrupting several high-profile ransomware groups since the beginning of the year. Nevertheless, industry data confirmed that ransomware attacks still contributed to 32% of overall cyber-related losses in the first quarter of 2022. Further, costs stemming from ransomware attacks remain on the rise. According to data from cybersecurity company Palo Alto Networks, the average ransom payment reached $925,162 in the first five months of 2022—up 71% from last year.

Heightened business email compromise (BEC) risks—BEC scams entail a cybercriminal impersonating a legitimate source within an organization to trick their victim into wiring money, sharing sensitive data, or engaging in other compromising activities. These scams are among the most expensive types of social engineering losses, and they have emerged as a major threat. According to the FBI, BEC scams caused more than $43 billion in losses since 2016, with such losses increasing by 65% between 2019 and 2021 alone.

Tips for Insurance Buyers
  • Work with trusted insurance professionals to secure cyber coverage that meets your unique needs.
  • Start the cyber insurance renewal process as early as possible and be prepared to complete supplemental applications regarding your cybersecurity practices.
  • Take advantage of loss control services offered by insurance carriers to strengthen cybersecurity measures.
  • Focus on employee training to prevent cybercrime from affecting your operations.
  • Establish an effective, documented cyber incident response plan to minimize damages amid a cyberattack.

Lessons From the Colonial Pipeline Breach

One of the nation’s largest pipelines was forced to shut down in early May 2021 after falling victim to a ransomware attack. The 5,500-mile pipeline is operated by Colonial Pipeline and carries refined gasoline and jet fuel from Texas to New York. This pipeline transports 45% of the east coast’s fuel supplies.

The attack—carried out by DarkSide ransomware—resulted in gas shortages along the east coast due to Colonial Pipeline halting their operations in an effort to contain the breach. DarkSide reportedly stole 100 gigabytes of data from Colonial Pipeline and allegedly threatened to leak portions of it to the public unless a $5 million ransom was paid. This method, known as double extortion, involves cybercriminals not only encrypting stolen data and making it inaccessible but also threatening to release it.

Key Takeaways

The shutdown served as a reminder and warning of the catastrophic impact ransomware can have on businesses—especially those with aging IT infrastructure—and people. There are a few key takeaways from the breach, including: 

  • The threat of ransomware-as-a-service (RaaS)—DarkSide ransomware operates as RaaS, meaning cybercriminals subscribe to their tools to execute ransomware attacks. This is significant because, in the past, hackers had to have coding expertise to be successful. With RaaS, however, users don’t need to be skilled or experienced to carry out sophisticated attacks. RaaS empowers novice hackers by providing them with an easy-to-use system for deploying ransomware.
  • The impact of double extortion—Double extortion increases the stakes of a ransomware attack. Rather than only deleting data if the ransom isn’t paid, cybercriminals threaten to leak it. Since Colonial Pipeline did have backup data available to them, it would have been possible to wipe and restore their infrastructure without paying the ransom. However, they paid the ransom to keep their data from being exposed.
  • The risks posed by aging infrastructure—Old and obsolete operating systems may be easier for cybercriminals to infiltrate. By exploiting vulnerabilities in the outdated network, cybercriminals can gain access to sensitive data and hold it for ransom.  

Preventive Measures

Organizations can take the following actions to ensure that ransomware attacks don’t compromise their operations and data:

  • Conduct a security risk evaluation. Take time to identify which critical systems and assets are most appealing to cybercriminals. By doing this, businesses can get a better idea of how to prioritize protection.
  • Keep systems up to date. Update operating systems, applications and software regularly. Applying the latest updates improves systems, fixes problems and corrects any security issues discovered by developers.
  • Maintain data backups. The Multi-State Information Sharing and Analysis Center reports that backing up important data is the most effective way for organizations to recover from a ransomware attack. Backups should be stored offline, out-of-band or in a cloud service so attackers can’t target them. They should also be tested regularly for efficacy.
  • Train the team. Some of the most damaging cyberattacks occur due to human error. Training employees on the importance of cybersecurity and how to identify scams can help organizations reduce the likelihood of becoming a victim of ransomware attacks.
  • Install antivirus software. Antivirus software protects against many cyberthreats, including viruses, spyware, malware, Trojans, phishing attacks, rootkits and spam attacks.

If an attack occurs, organizations should have an incident response plan ready with defined roles and communications that can be shared during an attack. Organizations that are overly cautious and plan proactively may be able to minimize damage.
