Insurers cut cyber cover as ransomware losses surge
Insurance firms are worried about profits as ransomware gangs become more sophisticated
The rise in ransomware incidents and the growing sophistication of cyber attacks have forced insurance companies to cut the amount of cover they provide to customers.
When faced with the chaos of a potentially overwhelming ransomware attack, businesses usually approach their insurers for guidance and help to get their machines back up and running.
In the past, insurance companies routinely assisted their policyholders, cooperating with them to cover losses and minimise damage from a cyber attack.
However, due to the increasing frequency of attacks in recent years, insurers are now increasing their premiums, cutting policy coverage and even adopting an adversarial response to ransomware claims.
"Insurers are changing their appetites, limits, coverage and pricing," Caspar Stops, head of cyber at insurance firm Optio, told Reuters.
"Limits [the upper amount paid in a claim] have halved - where people were offering £10 million ($13.5 million), nearly everyone has reduced to five."
Ransomware is a method of cyber extortion in which an attacker locks down (or encrypts) a victim's system, data, or network, and holds it hostage until the victim pays up. The software used in these attacks can spread through a variety of methods, including malicious links, websites, attachments, emails, or infected drives.
Once a machine is infected, ransomware can spread to other systems on the network, preventing the organisation from operating. Ransomware payments are often requested in the form of Bitcoins or other hard-to-trace digital currencies.
American cyber insurance firm CNA Financial allegedly paid hackers $40 million (£30 million) to decrypt its data and restore systems, following a ransomware attack in March.
In June, meat processing giant JBS confirmed it paid $11 million (£8.2 million) to the REvil ransomware gang, which locked its systems at the end of May.
Ransomware gangs have grown increasingly sophisticated in recent years; they are investing time and money to hone their skills and tools, which has made insurers worried about their profits.
Insurers say some attackers even check whether potential victims have policies that would make them more likely to pay a ransom.
According to Reuters, Lloyd's of London, which has around 20 per cent market share in global cyber insurance, is now discouraging its syndicate members from accepting cyber policies next year.
According to insurance broker Aon, US cyber insurers' profits fell last year.
"It's very unlikely people are getting the same limits - if they are, they are paying an extraordinary amount," David Dickson, head of enterprise at broker Superscript, told Reuters.
Dickson gave the example of a tech firm that previously paid £250,000 for £130 million of professional indemnity and cyber cover. It is now paying £500,000 for cover of £55 million.
Earlier this year, an alleged member of the notorious ransomware gang REvil divulged details about the group's activity, stating that targeting organisations with cyber insurance was "one of the tastiest morsels" for REvil operators.
The individual further said that REvil operatives like to hack insurers first. After working through the insurer's customer list, they return to hit the company with a destructive attack.
Last year, the FBI issued a public service announcement advising organisations on how to handle ransom demands. The main advice is not to pay, and instead report the incident as early as possible. The agency also warned that paying ransoms only funds criminals' efforts.
"Ransomware payouts are out of control and insurance is one of the driving factors behind this new phase of attacking companies," said Jake Moore, cybersecurity specialist at ESET.
"When payments are made, the ransomware business cycle continues and even ramps up, meaning more companies will inevitably be attacked. Many organisations view such hefty payouts as part and parcel of daily business, but the effects are huge and only continuing to rise.
"The age-old mantra 'prevention is better than cure' remains true, so companies must adhere to better procedures in protection of their assets. With insurance payouts halving, this may indicate the start of a possible slowdown. However, this may just mean demands double."