Cyber Risk and Insurance in 2022 – The pandemic has created new cyber vulnerabilities, increased existing risk factors, and accelerated the rate at which cybercriminals wreak havoc on even the most secure systems. No doubt 2022 will see more of the same.
Many large organizations replied to heightened cyber threats by increasing their security budgets and deploying next-generation security technology. However, small and medium-sized businesses with less sophistication and smaller budgets are not helpless. By staying on top of the changing risk landscape and implementing basic countermeasures, business owners and their IT professionals can deter cyberattacks and better prepared to respond if they happen anyway.
Organizations with a strong focus on cyber security can also make a case for more favorable terms from the cyber insurance market, which has seen rates rise and coverage shrink as claims accelerate in recent years.
A quick expedition of the cyber risk and insurance landscape in 2021
Cybercriminals had a successful season in 2021. As per Check Point Research, cyberattacks expanded by half in 2021 contrasted with 2020, with every association confronting a normal of 925 assaults each week.
With huge quantities of representatives telecommuting and involving their own gadgets for business purposes, corporate organizations have been left powerless against individual workers’ frequently deficient security practices. As per security firm CrowdStrike in its 2021 Global Treatment Report, this made a “taking care of free for all for digital hunters powered by the bonus of simple admittance to organizations and delicate information.”
By a long shot, phishing and ransomware were the real assault vectors, influencing both huge and independent companies. Phishing assaults expanded in number and complexity as “dread, concern, and interest around COVID-19 gave the ideal cover to a phenomenal ascent in friendly designing assaults,” as per CrowdStrike. The human hacking report distributed by Slash Next Threat Labs shows that phishing assaults expanded by 51% in 2021 compared with 2020.
Successful phishing campaigns have often resulted in ransomware assaults. Ransomware is not a new cyber risk, but cybercriminals have learned to use it much more devastatingly in recent years. Since the start of the pandemic, ransomware claims have increased fourfold. The average ransom demand increased by around 900% as cybercriminals employed increasingly sophisticated and damaging tactics, techniques, and procedures. A notable 2021 ransomware attack targeting pipeline operator Colonial Pipeline resulted in the payment of $4.4 million to a Russian cyber gang.
Denial of service can affect businesses of any size
In addition to the cost of paying criminals, ransomware attacks can also cause downtime and business interruption losses. For example, a 2020 attack at the University of Vermont Medical Center cost the hospital an estimated $50 million, mostly from lost revenue.
Numerous ransomware assaults target supply chains. Empowering utilizes a solitary interruption to go after various targets. Cybercriminals frequently utilize more modest, weak organizations in a store network to get to bigger, better-safeguarded organizations.
One of the most inescapable and refined production network assaults designated SolarWinds, a significant data innovation organization. SolarWinds unwittingly sent programming updates to its clients, including US government organizations like the Department of Homeland Security, the Department of State, the Department of Energy, the National Nuclear Security Administration, and the Treasury, which was tainted with code that left them powerless against programmers. More than 18,000 associations, both public and private, were impacted.
Higher losses, higher demand
The increase in losses caused higher prices and more restrictive underwriting criteria in the cyber insurance market. Before 2020, competition controlled rates as the cyber insurance market grew and matured. In addition, technical results were generally favorable, attracting capacity to the business line.
Misfortune proportions started to crumble in 2018 and 2019. In 2020, as per S&P Global, they shot up 25 focuses, or over 72%, due significantly to an expansion in ransomware occasions. Accordingly, insurance payments started to sneak up in 2019 and rose all the more certainly in 2020 and 2021. The “market cost” vanished, with quotes for a similar business differing fiercely from one guarantor to another, all buying in from a similar show.
In addition to increasing premiums, underwriters tightened criteria and increased scrutiny of network security protocols. Carriers also scaled back on individual risks and their aggregate portfolio exposures.