Cyber security is not a novel concept for companies, but it’s something that has been top of mind, especially in the last few years. No doubt the coronavirus and its sequential work-from-home mandates disrupted the cyber protection game in the last 12 months alone. Phishing schemes and ransomware attacks have since been on the rise.
In fact, one report shows that ransomware has increased by 239% since 2018. Additionally, payments made due to ransomware demands have tripled in the last two years alone.
“Ransomware is not new, but it’s certainly proliferated over the last two years,” said Jason Glasgow, Vice President, U.S. Cyber Lead at Allied World. “In its basic form, ransomware is a phishing attack or some other similar infiltration on a computer or server that allows bad actors to lock up a system and then ransom either the data or the keys to unlock that system for money.”
Whether that be in dollar amounts or a cryptocurrency like bitcoin is up the hackers themselves.
With such a pressing and prevalent vulnerability knocking at their cyber doors, it’s imperative that companies prepare for and mitigate the risk of ransomware now. To do that, they need to understand what’s at stake, as well as have an understanding of what risk strategies are available to them.
Here are three things companies and their risk teams need to know.
David Rock, Vice President, North American Claims Group at Allied World, said that the evolution of ransomware has been interesting to watch, particularly from the claims perspective.
“Six or seven years ago, ransomware attacks were similar to a sort of scattershot type of attack,” he said, further explaining that “the attackers would send out malicious links but didn’t necessarily know where the link would land.”
“Today, threat actors see the benefit of picking their targets and doing a little reconnaissance on who they are attacking,” Rock said.
That kind of due diligence on the part of the hacker is leading to much more sophisticated attacks. Bad actors are no longer relying on random, malicious links that could land anywhere from a Fortune 500 company’s inbox to a local small business. Instead, hackers are finding the value in understanding their chosen target.
These actors will now search out a company to see if it can even afford to pay a ransom in the event its data is locked.
“We’ve seen instances where threat actors will send a company evidence of the company’s ability to pay,” said Glasgow. It’s a growing trend in using ransomware to exfiltrate data.
Data has become king in the ransomware game. Gone are the days where a hacker would simply infiltrate and lock down a system; today, hackers are looking to get their hands on as much sensitive data as possible.
“Companies hold a lot of data, and depending on the type of business being conducted, that could mean customer information, employee information and sensitive materials on how their operations are run,” Rock said. “What we’re seeing in these is attacks is not so much a negotiation based on the return of a decryption key to unlock the systems, but instead a ransom for sensitive information.”
Cyber insurance acts as the first barrier when it comes to the threat of a ransomware attack. But when a ransom is set, insureds and insurers alike still need to be on top of the added exposures. From the ransom payment itself down to any legal fees, a ransomware attack isn’t just a cyber risk.
“Legal expenses are a large part of ransomware risk,” said Rock. “But it shouldn’t just be about providing insureds with legal coverage; there’s nuance to it.”
Insureds will want to partner with law firms that are specifically focused on cyber threats of this nature, particularly when it comes to privacy/cyber laws. This assistance and guidance ensure that insureds exposed to a ransom are responding to a breach accurately and swiftly.
“And certainly, any time you’re dealing with a ransomware attack, you’re going to be facing some type of potential payment,” Glasgow added. That could mean traditional dollars or — a popular option with hackers — cryptocurrency. “That means the insured will need to be partnered with an insurer that can help throughout the process of securing the payment.”
Beyond that, insureds will need to sort through forensic costs.
“Forensic vendors will assist insureds with shoring up their systems to help stop the attack and preventing it from proliferating even further,” Rock said.
Finally, a ransomware attack could leave operations at a standstill. Business interruption can be costly, so it’s imperative that coverage is in place before any attack can even occur.
“The importance of education can never be overstated when it comes to ransomware,” said Glasgow. “Every company can be a target. Therefore, every company and their risk management team needs to learn about what can happen.”
That starts with understanding the exposures and having a cyber plan in place to address each one. Cyber insurance can act as a roadmap for network security, Glasgow explained. “And that should help prevent all types of cyber attacks, in addition to ransomware.”
For insureds that do not have an internal risk management team, Glasgow and Rock both urge selecting a carrier that can help.
“Allied World, for example, has a platform called FrameWRXTM that is a robust risk management platform for the cyber space,” Glasgow said. “We help guide our insureds with expert vendors to help with various risk management items that the insured does not pay any additional cost for.”
In addition, companies must have an expert claims team on their side in the event a ransomware attack occurs. And finally, Glasgow and Rock suggest that no matter what the approach, it must be a collaborative one in which risk management, the insurer, claims and any vendor involved are all on the same page.
Facing a ransomware attack can be a stressful time for a company, no matter how prepared they might have been before the event. Even with all the right planning in place, nerves can run high.
But that doesn’t mean a company is completely without support. Having the right carrier involved from the start will ease the stress and help keep any issue or claim moving forward.
At Allied World, the team is working hard to do just that.
“Our policy is robust. It provides our insureds with multiple avenues of coverage,” said Rock. “We’ve seen every type of breach that’s been in the marketplace, and we see how they’ve evolved.”
“Because of that, we’ve taken a holistic approach between underwriting, risk management and claims,” added Glasgow.
Allied World brings together all departments to tackle companies’ ransomware vulnerabilities long before an event even occurs. Its approach starts at the beginning, during the underwriting process, where the team will evaluate a company’s risk. From there, once insured, Allied World’s risk management professionals provide proactive advice and support to help improve the company’s posture.
“Our claims team is actively involved with collaborating with both risk management and underwriting as well,” said Rock. “It’s all in an effort to make the response to any incident, any breach that could arise, as seamless as possible.”
To learn more, visit: https://alliedworldinsurance.com/
This material is provided as a resource for informational purposes only. It is not intended as, nor does it constitute, legal, technical or other professional advice or recommendations. While reasonable attempts have been made to ensure that this information is accurate and current as of its publication date, we make no claims, guarantees, representations or warranties, either express or implied, as to the accuracy, completeness or adequacy of any information contained herein. Consult your professional advisors or legal counsel for guidance on issues specific to you. Additionally, this material does not address all potential risks and may contain time-sensitive information. No responsibility is assumed to update this material and there is no guarantee or representation that this information will fulfill your specific needs or obligations. This material may not be reproduced or distributed without the express, written permission of Allied World Assurance Company Holdings, Ltd, a Fairfax company (“Allied World”). Actual coverage may vary and is subject to policy language as issued. FrameWRX services are provided by third-party vendors via a platform maintained in Farmington, CT by Allied World Insurance Company, a member company of Allied World. © 2021 Allied World Assurance Company Holdings, Ltd. All rights reserved.
This article was produced by the R&I Brand Studio, a unit of the advertising department of Risk & Insurance, in collaboration with Allied World. The editorial staff of Risk & Insurance had no role in its preparation.