Ransomware surge is changing the cyber insurance market: Markel
The cyber insurance market has become one of the industry’s most important growth avenues over the past decade as demand for coverage for digital threats has grown.
With more businesses relying on digital infrastructure for an increasingly large proportion of their transactions, and simultaneously producing more data, a valuable part of commerce, carriers have moved quickly to provide protection against the threat of loss.
The market has boomed, but there has been a growing concern about these exposures and whether carriers are charging an appropriate premium for the risk being taken.
Jess Cardoso, Markel’s head of Bermuda E&O underwriting, spoke to Bermuda:Re+ILS to discuss how the market is responding to increasingly sophisticated and damaging threats and what the future holds for cyber coverage.
One of the major themes impacting the market as a whole recently has been the surge in claims in both number and value stemming from ransomware attacks.
Ransomware attacks in years gone by would have mostly targeted smaller businesses with relatively weak security systems, locking users out of their infrastructure until a payment, often in cryptocurrency, was made to the scammers.
Now the criminals are targeting large multinationals, Cardoso says. The perpetrators behind the attacks are developing new, more structured methods of extorting businesses, is a key driver behind the rise in claims.
“These criminal gangs are very sophisticated, they’re well organised, and these attacks have become more complex and lucrative. The trend was to target smaller, more vulnerable companies without a need for particularly sophisticated attacks.
“Ransom demands were small by design, because victims were more likely to pay the ransom and less likely to involve law enforcement,” she explains.
“This strategy was so successful that it perpetuated more attacks. With the increased complexity of ransomware attacks, hackers could then extort ransom from larger, more sophisticated companies with deeper pockets.”
“We’re seeing terms include coinsurance, as ransomware becomes an increasing threat.” Jess Cardoso, Markel
Not just the pandemic
With the COVID-19 pandemic forcing millions of people to work from home, there have been concerns that businesses are more vulnerable to such attacks given that many people are working from personal devices and networks which may not have the same strength of security that for example a corporate setup would.
But, Cardoso says, that hasn’t necessarily been the case, at least for the high-value claims that impact the Bermuda market.
“The trends we’ve been seeing in the last 18 months have less to do with the pandemic than we expected them to. Our insureds have been remarkably prepared in mitigating work-from-home vulnerabilities such as use of insecure personal devices, phishing scams, and insecure remote access,” she says.
“The methods of attacks we’re seeing haven’t changed, but the prevalence of ransomware attacks has increased in both frequency and severity.
“There is some correlation between a greater work-from-home workforce and the increase in ransomware, but we haven’t seen that translate to severe claims.”
Nevertheless, the increased number and severity of claims has prompted a response from cyber underwriters, with rates being upped significantly to compensate for the higher losses hitting carriers.
Cardoso says that companies are increasingly turning to the use of external vendors to vet and test insureds’ cybersecurity profiles as a way of mitigating future losses and assessing how ready clients are for any potential threats.
“The market has responded by necessarily pushing rates up. Average rate increases are up between 25 and 400 percent, depending on the risk profile and the scope of coverage,” she says.
“Also notable in underwriting cyber exposure is how much smarter and technical we’re becoming. We’re using external vendors to perform scans of companies’ external-facing threat surfaces. These scans use passive intelligence sources and threat feeds to vet a company’s cybersecurity posture.
“These vendors have been around for several years, but they are becoming more useful in assisting underwriters to identify the best risks, and better manage their portfolios.
“We’re seeing terms include coinsurance, as ransomware becomes an increasing threat. We sometimes want to ensure that companies have skin in the game when they are considering paying significant ransom,” she adds.
“Carriers grapple with what their aggregate loss exposure to a particular threat vector looks like across all the policies they write.”
Aggregation threats
The market has a keen eye on monitoring and managing aggregation—a long-standing challenge for the cyber market.
“Insurers are trying to protect themselves from single threats leading to aggregate losses through their underwriting, but also within the terms of their policies,” Cardoso says.
Carriers are also becoming more discerning about the limits of coverage they are willing to offer clients, particularly given the potential for huge aggregate losses from company-wide cyber attacks.
“Limits management is a huge focus for cyber carriers. Carriers that were deploying up to $25 million in capacity previously are now looking to deploy typically no more than $10 million on any one programme.
“There’s still a lot of focus on where cyber ‘creeps’ into other policies such as casualty, D&O, and property.
“All carriers grapple with what their aggregate loss exposure to a particular threat vector looks like across all the policies they write. It’s another reason carriers are managing their limits more conservatively in the last 18 months,” she concludes.
