Security News

In this interview with Help Net Security, Avi Bashan, CTO at Kovrr, talks about cyber insurance trends and how the growing threat landscape impacted both insurers and insurees. At the same time they feel more vulnerable to a ransomware attack than ever before, insurers are pulling back to the point where cyber insurance is more expensive than used to and thus demands clearer justification of the investment for most companies, and policies that cover a broad range of cyber incidents are more scarce.

Cyber insurance premiums are increasing and so is infosec's determination to get a slice of that pie: Cloudflare is partnering with Mandiant, Secureworks, and Crowdstrike in a "Rapid referral" partnership for under-attack companies. The move was announced today as Cloudflare claimed that insurance premiums "Have increased upwards of 50 per cent," with price hikes mainly hitting "The small and medium enterprises that find themselves as the common target for these cyber attacks."

Fallout from nation-state sponsored cyberattacks will no longer be covered under cyber-insurance policies issued by famed insurer Lloyd's of London. The insurance juggernaut's underwiring director Patrick Davidson just released four new Cyber War and Cyber Operation Exclusion Clauses, outlining the new terms.

The research found that fraud fighters - professionals tasked with investigating and prosecuting insurance fraud - in North America were the least prepared for threats from abroad. "Organized rings, both foreign and domestic, are stealing billions," Coalition Co-Chair David Rioux of Erie Insurance said. Globalized insurance fraud is not a priority at all for 27.7% of respondents and a low-to-medium priority for 57.5% of respondents, leading to a lack of resources and time invested in day-to-day operations fighting global insurance fraud.

The original purpose of cyber insurance is to cover the extortion losses of a business if a successful ransomware attack happens, and the business has no other options but to pay the ransom demand for business continuity or to mitigate future losses. This growing lack of vigilance and responsibility from some insured companies is tilting the balance of the cyber insurance market, forcing the insurance companies to raise the premium price and adjust the underwriting standards to lower their own risks of loss.

The growing number of ransomware attacks has burdened many oganizations, but it has also greatly impacted the cyber insurance industry, which found itself having to cover large ransomware demands. This called for a chenge in policies but also the need to enhance cyber insurance with cybersecurity knowlege.

72% of consumers said they would be uncomfortable purchasing insurance without speaking to a human being, and 64% would be uncomfortable filing claims on a website or app without human interaction. The survey also found that consumers value privacy more than potential savings.

According to the U.S. Government Accountability Office, the number of companies opting for cybersecurity coverage grew from 26% in 2016 to 47% in 2020, and most saw breach insurance premiums increase by up to 30%. Given the clear financial stakes, it is time security leaders understand the risks before adding cyber insurance to their strategy for ransomware prevention and recovery. Most organizations are not equipped to handle a ransomware attack appropriately without expert help, so they should call reputable, experienced security consultants immediately for their extensive experience with ransomware remediation.

Cyber insurance firm At-Bay on Tuesday announced raising $185 million in a Series D funding round at a post-money valuation of $1.35 billion, which gives the company "Unicorn" status. The latest funding round was co-led by Icon Ventures and Lightspeed Venture Partners, with participation from Khosla Ventures, M12, Acrew Capital, Qumra Capital, the HSB fund of Munich Re Ventures, entrepreneur Shlomo Kramer, and Glilot Capital.

Cloud-based IT provider Cloudstar has been hit by ransomware, taking down its systems. It offers remote virtual desktops, cloud-hosted software and storage, and IT security to businesses in the Americas working in real estate, finance, insurance, and petrochemicals.