Security News

Bloomington School District 87 in Illinois has published its cyber-insurance renewal details, and the cost has jumped from $6,661 in 2021 to $22,229 this year. Suburban School Cooperative Insurance Program is an insurance pool allowing school districts to join together to negotiate better insurance rates and lower management fees.

Unsealed court records show pharmaceutical giant Merck was awarded a $1.4 billion payout last month on its property insurance policy, for losses the company suffered because of the 2017 NotPetya cyberattacks. Merck's $1.75 billion property insurance policy will have to cover the damage the NotPetya attacks did to the company's 40,000 computers, totaling more than $1.4 billion, according to the court filing.

In this interview with Help Net Security, Avi Bashan, CTO at Kovrr, talks about cyber insurance trends and how the growing threat landscape has impacted both insurers and insureds. At the same time that companies feel more vulnerable to a ransomware attack than ever before, insurers are pulling back to the point where cyber insurance is more expensive than it used to be and thus demands clearer justification of the investment for most companies, and policies that cover a broad range of cyber incidents are scarcer.

Cyber insurance premiums are increasing and so is infosec's determination to get a slice of that pie: Cloudflare is partnering with Mandiant, Secureworks, and CrowdStrike in a "rapid referral" partnership for under-attack companies. The move was announced today as Cloudflare claimed that insurance premiums "have increased upwards of 50 per cent," with price hikes mainly hitting "the small and medium enterprises that find themselves as the common target for these cyber attacks."

Fallout from nation-state sponsored cyberattacks will no longer be covered under cyber-insurance policies issued by famed insurer Lloyd's of London. The insurance juggernaut's underwriting director Patrick Davidson just released four new Cyber War and Cyber Operation Exclusion Clauses, outlining the new terms.

The research found that fraud fighters - professionals tasked with investigating and prosecuting insurance fraud - in North America were the least prepared for threats from abroad. "Organized rings, both foreign and domestic, are stealing billions," Coalition Co-Chair David Rioux of Erie Insurance said. Globalized insurance fraud is not a priority at all for 27.7% of respondents and a low-to-medium priority for 57.5% of respondents, leading to a lack of resources and time invested in day-to-day operations fighting global insurance fraud.

The original purpose of cyber insurance is to cover the extortion losses of a business if a successful ransomware attack happens, and the business has no other options but to pay the ransom demand for business continuity or to mitigate future losses. This growing lack of vigilance and responsibility from some insured companies is tilting the balance of the cyber insurance market, forcing the insurance companies to raise the premium price and adjust the underwriting standards to lower their own risks of loss.

The growing number of ransomware attacks has burdened many organizations, but it has also greatly impacted the cyber insurance industry, which found itself having to cover large ransomware demands. This called for a change in policies but also the need to enhance cyber insurance with cybersecurity knowledge.

72% of consumers said they would be uncomfortable purchasing insurance without speaking to a human being, and 64% would be uncomfortable filing claims on a website or app without human interaction. The survey also found that consumers value privacy more than potential savings.

According to the U.S. Government Accountability Office, the number of companies opting for cybersecurity coverage grew from 26% in 2016 to 47% in 2020, and most saw breach insurance premiums increase by up to 30%. Given the clear financial stakes, it is time security leaders understand the risks before adding cyber insurance to their strategy for ransomware prevention and recovery. Most organizations are not equipped to handle a ransomware attack appropriately without expert help, so they should call reputable, experienced security consultants immediately for their extensive experience with ransomware remediation.