SAN DIEGO — Companies are experiencing a worrisome recent increase in ransomware demands.

The increase follows an apparent relative lull in payments related to the war in Ukraine, as cybercriminals in that region appeared to be at least temporarily diverted by the conflict, said speakers at the Wholesale & Specialty Insurance Association’s Annual Marketplace on Monday and Tuesday.

“We feel like we’ve got a year-and-a-half reprieve from ransomware attacks,” which may have been because of the focus on the war, said Jeff Kulikowski, senior vice president, professional lines, for Westfield Specialty, a unit of Westfield Insurance Co.

There was “definitely more ransomware in the last quarter,” said Derek Kilmer, associate managing director, professional liability, with Burns & Wilcox in Farmington Hills, Michigan.

Julie Marvel, Indianapolis-based vice president-southeast underwriting manager for Axa XL, a division of Axa, said that while there may have been a slowdown, “ransomware didn’t go away.” She noted there have been ransomware issues in the oil and gas, municipalities and education sectors.

Mr. Kulikowski pointed to cyberattacks on the casino operations of MGM International and Caesars Entertainment earlier this month and said, “It is hard to tell whether (cybercriminals’) pattern of attacks has completely changed.” The focus recently has been on higher volume, smaller attacks, particularly against small to midsized companies, he said.

“We have to figure out” if this is a one- or two-off situation, or the start of a trend, Mr. Kulikowski said. 

Megan Spencer, Atlanta-based senior underwriter, cyber and tech, at Axa XL, said the casino attacks show that companies “must open up their eyes” and that these attacks are a matter of “not if but when” and increase their cybersecurity presence.

Michael Phillips, New York-based cyber practice leader USA, for CFC Underwriting Ltd., said the cyber market is “a very unsettled place.”  There is continued confusion around pricing, with a number of markets that have responded to ransomware frequency with quick corrections, he said.

“For brokers and buyers, that instability is making it difficult to close the sale,” Mr. Phillips said. “It’s making clients skeptical about the integration of the product when the prices are spiking up and down with a lot of volatility.”

Steve Robinson, Cambridge, Maryland-based national cyber practice leader, executive lines, for Risk Placement Services Inc., an Arthur J. Gallagher & Co. unit, said that in next year’s second quarter, “I envision there being some upward adjustment in rates, perhaps a return to more underwriting discipline.” 

There cannot continue to be “higher frequency and lower pricing for so long before loss ratios go up,” and when that happens there must be adjustments to ensure profitability, he said.