Recently, the Cyber Insurer Coalition published a joint report with federal organizations showing that cyber-attacks have increased dramatically during the first half of 2021. The investigation analyzed 50,000 claims from policy holders in the United States and Canada in their words, the H-1 2021 Cyber Insurance claims report shows that “cyber-attacks involving ransomware increased 50% from January to July compared with the same time period of 2020. At the same time, the frequency of claims against policy holders related to cybercrimes jumped 57% during the period from January to June of this year.”
The key points regarding the increase reported can be summarized in 3 Points:
- Ransomware crimes increased 28% putting corporative emails at the top of the cybercrime attacks. Comparing the figures from 2020 to 2021, email hacks has doubled form one year to another.
- The average ransom asked is $1.2 million. Ransoms demanded from Coalition increased 70% from what had been the average of 2020 and mostly targeted towards small to medium companies.
- Ransomware is the main culprit for claims increase: Stealing Data is the most frequent cybersecurity attack. With a huge increase between 2019 and 2021 followed by social engineering and fund transfer fraud threats.
Today, we are going to analyze the current situation of the attacks and its impact on the Insurance Industry.
What is Ransomware
According to PBS News, the Public Broadcast Service News Site, ransomware is a form of malicious software that encrypts files making them impossible to access without a key. To get that key, the user must pay a ‘ransom’ which amounts to large sums of money, more times than not, in the form of cryptocurrency.
Nowadays, hackers are starting to infiltrate companies and laying low for months. It is in the moment where they have studied the organization and know what is most valuable about them, that they start the ransomware attack.
How Ransomware is changing the Insurance Industry
Ransomware As a Service (RaaS) was determined as another top cause of cybercrime increase. RaaS is a business model commonly used by hackers. The way they operate is by leasing malware variants to the highest bidder for a large amount of money. That way, even a person without the technical knowledge, can launch an attack.
According to Harvard´s finance magazine HBR, “ransomware attacks have changed the nature of the game by targeting companies rather than consumers. This change forces companies to pay a steep and direct price for lax security. This means that managers at all sorts of companies are going to have to focus in a newly serious way on improving cybersecurity and protecting their networks.”
In this scenario, the attack not only hurts the company financially after the ransom is paid but it also hurts reputations. “It generates bad press; it can turn employees or customers against the victimized organization and it proves further to cybercriminals that the organization is vulnerable to these types of attacks” said the cyber defense specialist, Roger Grimes.
Six Points to Consider to Reinforce Cybersecurity
Considering that the Insurance Industry deals with sensitive information, the risk involved in cyber-attacks are among the major concerns for most companies. The leak of personal or health information can be the source of expensive and counterproductive litigation.
To be prepared and avoid these risks, here you have six key tips you can start implementing today to reinforce your cybersecurity plan.
- Train your staff: Make sure that all the involved parties that handle sensitive information are trained to face cybercrime. It’s important to know who is handling security and what they are doing to protect your company.
- Know your Assets: What gets measured gets managed. Track the most valuable information and take protection measures to secure them.
- Prepare your Security Toolbox: Be aware of every tool you are counting on to protect your cyber assets. This could include Antiviruses, anti-malware software, VPNs, and firewalls. Make sure you know what you have and what you lack.
- Know your weaknesses: Are there any security weak spots? Can you work on them? How? Detail what the potential threats you face are and how you will address them.
- Draw a Plan: Develop a Standard Operating Procedures for your security threats and include potential scenarios in your Risk Management Plan.
- Never stop updating: Threats are always changing and so should you. Review your threats and procedures, perform audits on IT and keep your employees updated on the latest on security.
Security is changing day by day according to the new threats arising in the digital world. A risk management plan is a very useful tool with which you can outline risks regarding cybersecurity and how to tackle each different scenario.
This risk plan will not only have a detailed assessment of every situation involving cyber risks for your company, but will also provide answers and help make the correct call when the situation demands.
The best practice to confront this alarming increase in attacks is to take action as fast as possible. Be prepared to act as soon as possible when a threat is detected. For more information on how to develop a Risk Management Plan visit our blog on the subject.