By Noor Zainab Hussain and Carolyn Cohn
(Reuters) – Ransomware attacks increased in terms of both severity and costs this year, forcing insurers to become more selective and even scale back on the cover they offer against cyber crimes, a report from a leading insurer showed.
The total costs of ransom payments doubled year-on-year through the first six months of 2020, according to the report from Lloyd’s of London insurer Beazley Plc that called such attacks the biggest threat facing businesses.
Ransomware attacks typically involve the infection of computers with malicious software, often downloaded by clicking on seemingly innocuous links in emails or other website pop-ups and leaving users locked out of their systems, with the demand of a ransom to be paid to restore computer functions.
They differ from a data breach or other types of hacking, which may steal large batches of customer data or other information from companies or individuals.
Paul Bantick, Beazley’s global head of cyber and technology, said that ransomware attackers were demanding more money than in the past and had also become more creative in ways in which they sought to extort money.
“COVID-19, coronavirus, vaccines, all these things, they have enabled people to target organizations,” Bantick said.
“Someone that you’ve been in contact with has tested positive, please click here to find out – You’ve got a much higher chance of, given what’s going on in the world, people clicking on those bad emails,” he said.
Giving no details of the companies involved, the report cites an incident where an automotive group was hit with ransomware and a cyber extortion demand of nearly $500,000.
The attackers provided proof they had extracted employee data and, after negotiations led by the insurer, a ransom of $50,000 was eventually paid, according to the report.
The rise in such incidents has led to a jump in cyber insurance rates, Beazley said, but added that capacity in the market had reduced because insurers were wary of losses.
Higher premiums have also resulted in smaller businesses, already hit hard by the coronavirus-induced slowdown, feeling the pinch.
Several industry players have told Reuters that many smaller companies have cut their cyber insurance completely this year due to a squeeze on cashflow from the coronavirus crisis and rises in other premiums.
They said cyber insurance businesses are also struggling with profitability, having been hit by the rise in ransomware attacks and legal battles over insurance claims after the NotPetya attacks in 2017.
Graeme Newman, chief innovation officer at another industry player, CFC Underwriting, said separately that rates had gone up by about 15% to 25% in the third quarter.
He also said there have been much bigger jumps in rates in certain sectors, including public entities and education.
“There have been some changes in capacity with a few smaller players exiting the market and others adjusting appetite. We are still writing with a line of up to $50 million but are being increasingly selective as to where we deploy this capacity,” CFC’s Newman said.
(Reporting by Noor Zainab Hussain in Bengaluru and Carolyn Cohn in London, additional reporting by Suzanne Barlyn in Washington Crossing, Pennsylvania; Editing by Saumyadeb Chakrabarty)