Ransomware claims fall in SME segment: Risk Placement Services

Ransomware accounts for a diminishing percentage of cyber claims among small-to-mid-sized insureds, although it is the third-most-common type of attack, says a report issued Thursday.

Over the first eight months of this year, fraudulent payments and social engineering frauds accounted for more than half of cyber claims among small and medium enterprises, while ransomware accounted for just 16% of incidents, said Risk Placement Services Inc., a unit of Arthur J. Gallagher & Co., which based its information on proprietary RPS claims in its report on the cyber market outlook.

However, ransomware attacks today are more sophisticated, with ransomware-as-a-service expected to be one of the biggest threats to face the cyber market, the report says.

Among other trends, more cyber regulation is expected, with states such as North Carolina and Florida already having acted to ban public entities from paying ransomware.

This will be an area of concern for public entities, with several insurers having already pulled back from covering public entities, including in the K-12 public education sector, the report says.

The manufacturing industry has been the biggest target of cyber claims, accounting for 19% of the total, according to the report.

Themes expected to emerge for the rest of this year and into next include cyber insurance programs and pricing that are more commensurate with the risk; a potential return to a rise in frequency in ransomware losses as the Russia and Ukraine situation develops; inconsistency in the SME sector, with some markets lowering rates and easing underwriting requirements and others continuing a more disciplined approach; and a continued rise in social/engineering financial fraud claims.

“We anticipate innovative threats to critical infrastructure, financial platforms, operational technologies and cloud-hosted environments,” the report warns.