
Policyholders may see rising cyber rates, restrictions: Panel


Policyholders could face 10% rate hikes on their cyber insurance over the next few months because of the growing losses associated with ransomware attacks, and coverage restrictions may be in the offing as well, an expert says.

“Insurers have got to adjust pricing” to make the coverage more sustainable, said Bill Siegel, CEO and co-founder of Norwalk, Connecticut-based Coveware Inc., a ransomware incident response and recovery company.

He was among the speakers on a panel on ransomware during the Minneapolis-based Professional Liability Underwriting Society’s virtual annual conference Monday.

Mr. Siegel said that depending upon what happens at reinsurance renewals, in addition to possible rate hikes insurers may introduce sublimits, adjust retentions or add co-insurance so that insureds have “more skin in the game.” 

Insurers must also determine if the right questions are being asked about issues such as multifactor authentication and backups, he said.

Policyholders “should consider a holistic approach to cyber risk management” and be sure they understand that “not all cyber policies are considered equal,” he said.

There is a “big difference” between a standalone policy built to address the risk and adding cyber coverage as an endorsement to another policy, he said. If the latter is the case, “you may be disappointed if that’s what you’re relying on,” he said.

Mr. Siegel said it is important that policymakers, regulators, lawmakers and public and private enterprises recognize that “this is an industry that you’re up against,” not an individual sitting in his basement. It is large, mature and highly distributed, and “right now it’s too profitable,” he said.

He said the way to attack it is to make it less profitable, although there is “no magic bullet.”

Ransomware is distributed two different ways, he said. One is by a closely held, small group of ransomware developers who use it exclusively and do not allow anyone else to do so. These “tend to be the more technically sophisticated groups,” Mr. Siegel said.

The second type involves developers who have realized it is “much more profitable for them to not pull off the attacks themselves” but allow many affiliates, with whom they split the proceeds, to conduct the attacks for them, he said.

Mr. Siegel said ransomware attacks’ targets are still disproportionately small companies, typically with fewer than 200 employees, although many large public companies are attacked as well.

He said that while the bigger companies tend to have insurance and “get over it, it’s the small businesses that are really impacted by it and sometimes don’t recover.”

Panel member Lindsay B. Nickle, a partner with Lewis Brisbois Bisgaard & Smith LLP in Dallas, said that about a year ago, in addition to assuming control of companies’ files, cyber criminals also began exfiltrating data from companies’ systems and seeking funds not just to obtain the encryption key but to prevent the publishing of this data as well.

This puts cyberattack victims in a difficult position, because when criminals have customers’ or employees’ personal information, companies have an obligation to pay in order to protect them, but that makes it more difficult to control the ransomware issue, Ms. Nickle said.

“It does not just complicate recovery from an operational standpoint,” but requires victimized companies to analyze the situation to determine if there has been a data breach, which creates a “myriad of notification requirements” that must be complied with within a short period of time, she said.

“These are smart criminal groups, and so they’ve found another way to trigger payments of money so they can benefit and monetize this activity” by adding another component, Ms. Nickle said.

She recommended companies prepare for the possibility of a ransomware attack by conducting tabletop exercises, and by determining who should be involved in making decisions if an incident occurs. 

These need to be the right stakeholders, who are “efficient and fast,” she said. If this net is cast too broadly, “it can hold the process down.”

It’s important to determine “who’s available to help you contain and diagnose and identify what has happened and who can stop the bleeding,” she said.

The session was moderated by Austin Bockwinkel, Chicago-based managing director of the Hauser Group, a risk advisory, insurance services and mergers and acquisitions services firm.