Ransomware is undeniably the number one concern for cyber insurers today. In recent years, there has been a significant rise in both the frequency and severity of ransomware attacks, with an equally substantial and corresponding uptick in cyber insurance claims.
There are several factors contributing to this increased exposure, according to Graeme King, managing director – cyber, Volante Financial & Professional Lines. First, hackers are becoming better organised and much more sophisticated in their approach, spurred on by the opportunity for a quick profit from the ransom demand. Second, the development of ransomware-as-a-service (RaaS) is opening up this type of attack to a wider criminal base.
“What this means is that attackers are now much more responsive and can attack system vulnerabilities more aggressively before patches can be released,” explained King. “This was demonstrated by the recent Microsoft Exchange vulnerability, which is reported to have resulted in thousands of infections of unpatched Exchange servers worldwide.
“The ransomware threat poses a significant conundrum for organizations. Law enforcement agencies are urging companies to refuse to pay demands, but failure to do so could result in months of disruption as systems and data sets are rebuilt. However, even paying the demand is no guarantee of data release as many companies have found to their cost. Further, while companies may regain access to the data, often there is still a considerable cost associated with rebuilding the system and cleansing the data.”
These concerning ransomware trends have had a big impact on the US cyber insurance market in the past 12 months. Cyber insurers have started to increase premiums and deductibles, withdraw capacity, severely restrict ransomware coverage, and some have even introduced ransomware sub-limits and co-insurance arrangements.
“While the SME sector appears to have remained relatively competitive compared to other sectors, even here there are signs of a shift in strategy,” King noted. “Some insurers are carving ransomware out of a standard data-breach policy, and pricing it separately – often at a much higher premium than charged for the standard coverage.”
There is another option available to insureds. Volante Global, a multi-class and multi-territory international managing general agent (MGA) platform, recently announced the launch of a ransomware-only cyber solution, Cyber Lockout, which combines ransomware insurance cover with the latest in cyber security technology.
Available to US companies, Cyber Lockout is designed to reduce an organization’s exposure to malware attacks, including ransomware. At the core of the proposition is a multi-layered cyber security solution, Trident Lockdown, provided by GBMS Tech, which is built to prevent malware, including malware introduced through zero-day vulnerabilities, from executing in the customer’s computer systems. In addition, it offers a ransomware-only insurance policy, providing cover for the costs of recovering from a ransomware attack.
Commenting on the launch of Cyber Lockout, King said: “We’re at a pivotal point in the evolution of the cyber insurance market. Offering broad cyber insurance at a relatively low rate via a single annual application form is clearly no longer an effective approach to the growing cyber threat. We’re seeing companies adopting new strategies, such as co-insuring or sub-limiting ransomware, or simply raising rates significantly. However, there’s a clear risk that as ransomware and other attacks increase in frequency and severity, cyber insurance will become either too expensive or too limited in its scope.
“The development of ransomware-only insurance is one way of restoring price stability. Insurers then have the option to remove it from data-breach policies, with the standalone product there to fill the gap. However, to ensure that such coverage can be competitively priced, it must incorporate effective ransomware-prevention technology, which is a mandatory component of the policy agreement.”
All companies that purchase Cyber Lockout are required to install Trident Lockdown on all of their devices. The technology locks down all the client’s endpoints including computers, servers and mobile devices with multi-layered security which is designed to stop any malware from executing, explained Simon Simmons, chief operations officer, GBMS Tech and GBMS USA.
“For many years, businesses have relied upon anti-virus software as their main line of defence,” said King. “Yet breaches have continued, and the increasing impact of ransomware is exposing the fragility of such an approach. The main reason is that antivirus software allows new variant malware to access the computer’s system where it can then execute.
“The difference with Trident Lockdown is that it only allows trusted programs to enter the company’s digital infrastructure. In effect, it blocks all malware that is not on the list of trusted applications ‘at the door’, whether these are known or new variants, preventing it from executing within the system. To ensure only safe applications are added to the trusted list, the security team at GBMS assesses the safety of each one. This expert check is more effective than automated processes, and is central to the effectiveness of Trident Lockdown at blocking all malware, including ransomware.”
The ransomware-only insurance policy that underpins Cyber Lockout covers the first-party losses associated with an attack, including breach counsel costs, fees relating to computer forensic services, data restoration costs, ransomware payments, and business interruption-related losses, if applicable. It does not cover third-party liability claims, which is why companies are encouraged to purchase it alongside a ‘standard’ cyber insurance policy that either excludes ransomware or has significant coverage limitations.
“Cyber Lockout is specifically designed around preventing the attack in the first place,” King stressed. “In the highly unlikely event of a successful attack, Cyber Lockout will focus on getting the client back on their feet as quickly as possible, with the risk of third-party claims when using the product extremely low.”