Why you might want to rethink paying ransomware demands

There is rarely honor among thieves

By Nicole Panteloucos

Awareness of cyber insurance has surged in recent years, driven by the increasing frequency and sophistication of cyber threats.

Consider last week's TikTok hack, where attackers exploited a security vulnerability in the platform's direct messaging feature to hijack several high-profile accounts.

As content creators and businesses across all sectors become more reliant on digital operations, the risks associated with data breaches, ransomware attacks, and other cyber incidents have grown exponentially.

Kirsten Mickelson, cyber practice group leader at Gallagher Bassett, spoke with Insurance Business on the evolving landscape of ransomware attacks.

From targeted attacks to mass exploitation

“Anyone that uses a computer has a cyber risk,” Mickelson said.

“Years ago, threat actors were more targeted. They’d focus on financial, educational and government institutions because they were more lucrative and had deeper pockets.”

Modern threat actors, however, are playing a numbers game, targeting any low-hanging fruit they can find.

Just as TikTok's security flaw allowed hackers to easily infiltrate the platform, organizations with inadequate cyber protections are similarly at risk, exposing themselves to a continuously evolving threat landscape.

Ransomware as a service: a new business model

As ransomware attacks become increasingly advanced, hackers have transformed their approach to negotiation, turning hacking into a genuine business.

In the past, victims were often redirected to a dark web portal to communicate with threat actors. This interaction frequently required the use of a translator app, which could make it challenging to discern the hacker’s true tone. Were they angry, or were they receptive to negotiations?

Today's processes are more sophisticated. Now, when a malicious link is clicked, victims are redirected to customer-service-style chatbots, similar to those on retail websites.

“There might even be an icon with a friendly face, making it feel a bit more personal. Once you decide to pay, you’ll be given a decryptor to recover your data. But if it doesn’t work or is corrupted, someone on the other end will guide you through the process,” Mickelson said.

The complexities of crime rings

As ransomware operations grow more sophisticated, it is becoming harder for organizations to determine whether paying a ransom will actually result in the recovery of their data.

“There used to be more honor amongst thieves,” Mickelson said. “If a group didn’t honor their commitment to return stolen data, then no one was going to pay, because everyone would know that group was known for taking your money and running.”

Change Healthcare, a major US healthcare company, recently paid $22 million to the BlackCat ransomware group amid a cyberattack that disrupted prescription drug services nationwide.

However, the criminal who allegedly facilitated access to Change's network claims that BlackCat cheated them out of their share of the ransom and still possesses the sensitive data Change paid to have destroyed.

“With ransomware as a service, there is less control over the main group's affiliates, which can be problematic,” said Mickelson.

Victims must understand that they typically have limited insight into how hackers organize internally. Even after ransoms are paid, the risk of data leaks often remains.

Proactive cyber measures

The lack of transparency surrounding hacking groups highlights the need for organizations to implement stringent cyber measures from the outset.

While the buying of cyber insurance is still in its infancy, brokers are increasingly educating organizations on its importance.

“The market for cyber is worth billions of dollars, and more and more companies will require this coverage. Cyber risk is business risk,” Mickelson said.
