In a new report, cyber insurer Allianz Global Corporate & Specialty (AGCS) analyzes the latest risk developments around ransomware and outlines how companies can strengthen their defenses with good cyber hygiene and IT security practices.
During the Covid-19 crisis another outbreak has happened in cyber space: a digital pandemic driven by ransomware. Malware attacks that encrypt company data and systems and demand a ransom payment for release are surging globally.
The increasing frequency and severity of ransomware incidents is driven by several factors: the growing number of different attack patterns such as ‘double’ and ‘triple’ extortion campaigns; a criminal business model around ‘ransomware as a service’ and cryptocurrencies; the recent skyrocketing of ransom demands; and the rise of supply chain attacks.
Five areas of focus
In the report, AGCS identifies five trends in the ransomware space, although these are constantly evolving and can quickly change in the ‘cat and mouse’ race between cyber criminals and companies:
Main drivers of losses
Business interruption and restoration costs are the biggest drivers behind cyber losses such as ransomware attacks, according toAGCS claims analysis.They account for over 50% of the value of close to 3,000 insurance industry cyber claims worth around €750mn ($885mn) it has been involved in over six years.
The average total cost of recovery and downtime – on average 23 days – from a ransomware attack more than doubled over the past year, increasing from $761,106 to $1.85mn in2021.
The surge in ransomware attacks in recent years has triggered a major shift in thecyber insurance market.Cyber insurance rates have been rising, according to brokerMarsh, while capacity has tightened. Underwriters are placing increasing scrutiny on the cyber security controls employed by companies.
Three out of four companies do not meet AGCS’ requirements for cyber security. Companies need to invest in cyber security. Losses can be avoided if organizations follow best practices. A house with an open door is much more likely to be burgled than a locked house
explains Marek Stanislawski, Global Cyber Underwriting Lead at AGCS.
Best practices
#1 Ransomware identification
#2 Business continuity /incident response plan
#3 Backups
#4 Endpoints
#5 Email, web, office documents security
#6 Segmentation
#7 Mergers and acquisitions
