In a recent client study by Aon, ransomware attacks were reported as having increased 311% from Q1 2019 to Q2 2021, with clients anticipated to continue losing money if they don’t adopt comprehensive cyber insurance solutions.
Only 31% of organizations have proper cyber hygiene measures in place to protect themselves against attackers, it suggests, but Aon has developed bundled cyber offerings to fill this gap.
“There has been a huge movement to increase digital capabilities and organizations went full force making rapid technological moves without the necessary cyber security planning,” explained Katharine Hall (pictured), senior VP and practice leader at Aon.
For the industry this has led to sizable losses, and ransomware attacks are not anticipated to slow down any time soon.
With this in mind, solutions are vital – and Hall spoke about looking at clients from a holistic perspective. Aon’s ‘readiness’ and ‘preparedness’ bundles look at non-insurance related activities to help clients understand what they should focus on in addition to simply buying insurance.
“When we put together these particular ransomware bundles, they’re primarily targeting concerns clients have around their exposure,” she said. “If we look at the preparedness bundle, for example, this particular collection of services is aimed at looking at who could potentially access a client’s information and scanning internal systems to assess vulnerabilities from a market perspective.”
“Bundles are meant to be a solution where clients can focus on tangible strategies that could be put in place to enhance security and mitigate exposures,” Hall added.
These tangible solutions can range from user awareness training, to having the right partners to help in the event of a ransomware attack. They are meant to offer both preventative and defensive cyber strategies.
This has become particularly important amid a hardening market, where insurers are increasingly turning away from accounts they deem too risky. Risk mitigation activities, such as multi-factor authentication, endpoint detection and user awareness training are some of the minimum benchmarks in order to qualify for a cyber policy in today’s marketplace.
“The combination of consulting services and risk transfer strategies makes the insurance process easier,” Hall noted. “It shows insurers that you’re paying attention and makes insurance companies more open to partner with you since the risk mitigation is in place.
“We have seen an evolution in ransomware where the first wave was straightforward – information was being held and released. Now, it’s evolved where information is being frozen, exfiltrated and additional pressure is being placed on executives with threats to share information on social media to ensure payment. Just as ransomware is evolving, it’s important that insurance policies evolve too.”
Bundled offerings call for more detailed underwriting discussions and Hall said that by the end of 2022, there will hopefully be more stability and predictability in the marketplace thanks to these products.
“Cyber protection has become a holistic exploration for clients. In a space that moves so quickly you need to stay current to manage risk,” Hall emphasized. “The creation of bundles was really driven by conversations with clients and building solutions around their unique exposures.”