We’re experiencing a perfect storm in the cyber insurance industry — between widespread technology risk, increased regulations, increased criminal activity, and carriers pulling back coverage — how did we get here? As carriers pull back their capacity, change the wording of policies, or remove coverage entirely, many organizations are left wondering what caused such rapid changes. Can we place all of the blame on ransomware, or was this a culmination of many different factors that together created a disturbance that caught nearly an entire industry off guard?
In a recent webinar, co-hosted with Head of Claims Catherine Lyle, we unpacked what’s changed in cyber during 2021, starting with the four key pillars that have upended the industry contrasted with how Coalition’s approach to underwriting cyber risk differs.
As many companies transitioned to a remote work model, they found themselves dependent on technology that was untested. This drastic change gave threat actors access to a largely untapped pool of new targets and, with that, allowed them to remain undetected for longer periods of time when planning their attack strategy. Remote Desktop Protocol (RDP), which enables the user to connect to a Windows computer remotely, has many inherent security risks. The rate of policyholders who experienced a claim due to exposed RDP also increased from 29% to 40%, and the severity of these incidents increased by 103%. Another unfortunate result of widespread reliance on remote capabilities were several noteworthy supply chain attacks, systemically crippling hundreds if not thousands of businesses simultaneously, such as SolarWinds and Kaseya incidents.
Every company has cyber risk exposure. There’s not an industry out there that’s not a target. If it wasn’t true before, it certainly has become more evident in the last year - every company has cyber risk exposure. Understanding your risk exposure has never been more important, and tools like Coalition Control can help identify the vulnerabilities that leave your organization exposed.
Over the course of the pandemic, attackers grew more confident and emboldened with their tactics. As incidents continued to make headlines, the government had no choice but to react and involve themselves. As a result, states have reevaluated their laws related to cyber and privacy, and a federal task force has been created. This raised the awareness and importance of cybersecurity issues for many if not all companies, especially when responding to a potential cyber incident.
Nation-state actors have been named as the responsible party in several key cyber incidents, such as Colonial Pipeline. In conjunction, cyber criminals have diversified and evolved their attack patterns, branching into other areas.
In simpler times, threat actors were forced to monetize their cyber crimes by gathering data from a network and selling it on the dark web. Now, they are able to immediately monetize their crime through ransomware or funds transfer fraud (FTF). This paradigm shift means that threat actors are no longer attacking companies for the information they hold; they are extorting them based on their business value. Companies are no longer “safe” from a cybersecurity incident because they are small to medium-size businesses, in fact we have observed a 57% increase in cyber attacks against small businesses with under 250 employees in the first half of 2021. Small and midsize businesses have become targets of opportunity for attackers, possessing the right combination of exploitable vulnerabilities matched with willingness to pay to resume operations.
As seen in the 2021 Coalition Claims Report, ransomware and funds transfer fraud accounted for 50% of known losses. And while ransomware gets most of the press and attention, the losses resulting from FTF are steadily increasing as well.
The average amount of funds stolen increased 179% from the first half of 2020 to 2021, from $116,842 to $326,264. – Coalition 2021 Claims Report
By now, we are beginning to see insurance capacity constraints as carriers work to understand precisely how to evaluate and re-approach what cyber risk is today. Until recently, most carriers covered ransomware at full limits. Now that ransomware attacks are frequent and more severe, some carriers have started applying coinsurance and sublimits on a widespread basis. Given the dramatic shift both to a work-from-home culture and monetization of cyber attacks, the underwriting considerations carriers could rely on from just a few years ago have essentially become irrelevant and outdated. Unlike others, Coalition has held strong. We have not pulled back on coverage, sublimited ransomware coverage, added coinsurance to our policy, or added exclusions for end of life software. The question now is whether the broader insurance industry weather the storm and adjust?
Coalition takes a non-traditional approach to underwriting cybersecurity risk: we underwrite like a threat actor. We focus on each company’s specific exposures and the technologies each company uses — RDP, critical vulnerabilities, email security, etc. — we assess your organization for the things that make you the most vulnerable in the adversaries’ eyes. We have found that the technologies an organization relies upon are more of an indicator of their risk than other more obvious factors such as revenue, employees, and industry.
We’ve found that our proactive risk mitigation strategy works. Coalition policyholders experience one-third the frequency of claims when compared to other carriers in the market.
Our intelligence-driven approach to underwriting automatically excludes certain types of risk. Coalition scans for insecure remote access, and we won’t insure organizations using it due to the high level of risk associated with these technologies.
It isn’t just underwriting that we approach differently. Coalition works with policyholders throughout their cybersecurity journey, providing constant monitoring and alerting. Our tools and team help secure organizations by partnering with them to remediate vulnerabilities that they otherwise would not be aware of, ultimately preventing avoidable cyber attacks.
Policyholders can take advantage of Coalition Control, our software-as-a-service platform that allows your organization to review the results of our regular scanning and address whatever vulnerabilities we may identify. Additionally, with Coalition Control you can monitor vendors, suppliers, and other partners whose systems may be integrated with yours –– a critical component to avoiding supply chain attacks. Information about our cybersecurity solutions partners, including discounts on EDR, MFA, and training solutions can also be found in the Control ecosystem.
Of course, we understand that no matter how many layers you apply to your cybersecurity defense, attacks still happen. If your organization becomes the victim of a cyber incident, our in-house claims and Coalition Incident Response (CIR) teams are on hand to assist with remediation.
Cybersecurity is a team sport. Coalition partners with its policyholders to ensure that, as much as possible, we remain on the winning side of the cybersecurity battle.