Security News
Only 55 percent of companies have any insurance at all. "The situation is particularly acute for uninsured small and mid-sized businesses, who must weigh the soaring costs of cyber insurance premiums against the very real risk of being unable to recover from a successful attack."
The number of organizations that will either be unable to afford cyber insurance, be declined cover, or experience significant coverage limitations is set to double in 2023, according to Huntsman Security. "Loss ratios will not improve until premium incomes better match the current level of pay-outs. With this reduced insurance access alongside increasing cyber threats and tightening regulations, many organizations are losing cyber insurance as an important risk management tool. Even those who can still get insurance are paying a prohibitively high cost," Woollacott continued.
For the most part, it has been a quiet week on the ransomware front, with a few new reports, product developments, and attacks revealed. Finally, we learned about ransomware attacks this week, including ones on the Spanish National Research Council, Semikron (hit by LV ransomware), the German Chambers of Industry and Commerce, and Creos Luxembourg.
A Panaseer survey of global insurers across the UK and US found that 82% are expecting the rise in premiums to continue, with 74% of insurers agreeing that their inability to accurately understand a customer's security posture is impacting price increases. This Help Net Security video highlights how the increasing cost of ransomware affects global insurers.
To help combat the ransomware crisis, researchers found that 87% of insurers want a consistent approach to analysing cyber risk, and 89% want direct access to customer security metrics and measures proving the status of security controls.
We're now seeing a shift back to traditional risk measurement, with underwriters approaching cyber insurance in a manner similar to physical insurance - by assessing where the biggest risks are and determining whether they should exclude certain risks from coverage, as well as establishing a bar to define what constitutes reasonable care. By the end of 2020, more than half of cyber insurance policy holders saw the price of their coverage rise by as much as 30 percent, according to GAO. While the current conflict in Ukraine will likely lead to a rise in cyber insurance purchases, the harsh reality is that most coverage will not protect enterprises from nation-state attacks or even ransomware.
Insurance exists to protect the insured party against catastrophe, but the insurer needs protection so that its policies are not abused - and that's where the fine print comes in. In the case of ransomware insurance, the fine print is becoming contentious and arguably undermining the usefulness of ransomware insurance.
Pure IR retainers typically don't offer security leaders flexibility to maximize their investment, but by being permitted to use credits toward preparedness, testing, simulations and so forth, cyber risk can be mitigated. There are three key elements to achieving an effective cyber risk retainer: negotiation, structure and execution.
While most people would not think of the insurance sector as a focus for cyberattacks, new findings show that the industry may have a serious security problem. The recently released Cyber Insurance Risk in 2022 report from Black Kite shows that 82% of the largest insurance carriers are the focus of ransomware attacks from cyber criminals.
Black Kite released a report that examines rising cyber risk concerns and ransomware susceptibility in the insurance sector. The most notable takeaway: nearly 20% of the top 99 insurance carriers have a high susceptibility to ransomware.