Ransomware attacks driving cyber reinsurance rates up 40%

Willis Re International told Reuters that recent high-profile ransomware attacks are sending reinsurance rates soaring.
Written by Jonathan Greig, Contributor

London-based reinsurance broker Willis Re told Reuters on Thursday that cyber reinsurance rates are skyrocketing due to a spate of devastating ransomware attacks on major companies in recent months.

For the July renewal season, rates have risen by up to 40%, according to James Vickers, chair of Willis Re International.

Enterprises are increasingly turning to cyber insurance and reinsurance companies for help with the recovery process following a ransomware attack. Cyber insurance and reinsurance companies handle everything from network restoration to public relations costs and business losses resulting from system downtime. 

But cyber insurers have struggled to handle the wave of attacks that continue to damage hundreds of major corporations like Colonial Pipeline and JBS. Both attacks drew headlines for their devastating downstream effects on the gas and meat supply of the US.  

Vickers told Reuters that reinsurers "that have been writing cyber are looking at considerably worse results than a few years ago." 

There has been considerable debate about cyber insurance's effect on ransomware, and ZDNet reported this week that a research paper from think tank Royal United Services Institute found cyber insurance policies are both encouraging cybercriminals and have become unsustainable for the industry. 

The paper said cyber insurance has not helped organizations improve their cybersecurity and is actually "facilitating the behavior of cybercriminals by contributing to the growth of targeted ransomware operations."

Other experts who spoke to ZDNet said there are indications that ransomware groups have explicitly targeted companies they know have cyber insurance because they are more likely to pay ransoms. 

A report from the cyber insurance provider Coalition in September noted that ransomware incidents represented 41% of all cyber insurance claims filed in the first half of 2020. The company said there was a 260% increase in the frequency of ransomware attacks among their policyholders, and they found that the average ransom demand increased 47% -- Claims ranged from as low as $1,000 to $2 million.

The problem has gotten so bad that earlier this year, insurance provider AXA revealed that, at the request of French government officials, it would end cyber insurance policies in France that pay ransomware victims back for ransoms paid out to cybercriminals.

AXA is one of Europe's biggest insurers and was considered the first to make such a drastic move. The plans would still cover ransomware recovery costs but would no longer include ransoms after cybersecurity leaders within the French government and French Senators aired concerns about the massive payouts going to cybercriminals during a roundtable in Paris in April.

Eight days after the ransom announcement, AXA itself was hit with a ransomware attack

Vickers told Reuters on Thursday that France is considering forcing all cyber insurers to stop reimbursing ransom payments due to how lucrative they have become for cybercriminals. 

There are already multiple companies reducing the level of cyber insurance coverage they offer, and industry sources told ZDNet that some reinsurers are realizing they didn't properly understand the exposure of companies to cyberattacks before offering certain coverage. 

According to industry sources, insurance companies are now trying to reduce their risk exposure, which is driving significant premium increases. 

Shawn Melito, chief revenue officer at BreachQuest, said he has been involved in the cyber insurance industry for more than ten years and speaks with dozens of brokers and insurers on a daily basis. The rate increases and interest in cyber insurance have long been expected, he said.

"You have the perfect storm of media coverage, lax data security, ease of use hacking tools like ransomware as a service, and massively increasing ransoms making this so attractive," Melito explained.

Shaun Gordon, CEO of BreachQuest, noted that the trickle-down effect of reinsurance rate increases for certain industries is driving significant increases in premiums to clients. 

"In industries, such as manufacturing and healthcare, we are hearing the premium increases can be as much as 100% and sometimes exceeding 150%," Gordon said. "A key driver of this is ransomware and the fact that many organizations have failed to implement technologies such as MFA in areas such as email, remote access and privileged account access."

Jack Kudale, CEO of insurance managing general agent Cowbell Cyber, said policyholders should expect to be asked more questions at renewal because of the recent wave of ransomware attacks, cybercrimes and other threats.

Kudale told ZDNet that cyber insurers are taking steps to clarify their coverage and remove ambiguous policy terms because of the rise of standalone cyber insurance. 

"Moving forward, the role of the insurers must go beyond response and recovery to include education and prevention. For example, organizations need cyber policies which are bundled with complementary cybersecurity training for all insured employees," Kudale said. 

"This will eradicate one of the basic root causes of many attacks: an employee clicking on a phishing email. Organizations must increase employees awareness of cybersecurity so that they can be the first line of defense and recognize malicious activities."

Editorial standards