The cyber landscape has undergone a dramatic transformation — industries large and small are caught in the crosshairs of increasingly sophisticated attacks. Our H1 2021 Cyber Insurance Claims Report analyzed claims data through June 2021 from customers in the United States and Canada. After reviewing the trends of devastating cyber attacks and their corresponding claims data, we have some thoughts on what the remainder of 2021 may bring.

Our visibility into cyber incidents comes from three primary sources: our policyholders reporting incidents and claims, data the National Association of Insurance Commissioners (NAIC) shares with us, and finally, from the tens of thousands of insurance applications we receive each year. This is our second year compiling data to assess trends in cyber insurance.

Our in-house team of experts shared their predictions in our latest Claims Report. These are our opinions based on current market conditions and proprietary data. In most cases, we hope we are wrong (if only for the sake of our customers).

Ransomware will remain a threat

Ransomware reshaped the cyber landscape. Thanks to the widespread use of poorly-secured remote access protocols and other tried and tested attack vectors; ransomware has become one of the most lucrative cyber criminal activities. As a result, we anticipate that ransomware frequency will increase moderately. Still, ransomware severity will flatten as there is little to gain beyond what attackers already have after taking an organization’s operations hostage.

The frequency of ransomware dipped slightly in the second half of 2020, but there was a resurgence in the first half of 2021, and the average ransom demand increased nearly 3x.

CEO Joshua Motta, who recently attended the White House cybersecurity meeting alongside other industry leaders, explained that no technology is 100% secure, and attack tactics and techniques are constantly evolving. Stopping ransomware isn’t just a technology problem; it’s a risk management problem. Incentivizing cybersecurity best practices that decrease the risk of ransomware and other cyber threats is crucial for all organizations.

Download the full H1 2021 Cyber Insurance Claims report here to learn more about these trends.

Supply chain attacks won’t stop

Supply chain attacks allow criminals to victimize a large number of organizations at once, and these attacks are becoming more common. For example, roughly 1,000 Coalition policyholders were exposed to the Microsoft Exchange vulnerability, and new variants of this vulnerability continue to be discovered. We assess that criminals will increase their targeting of software and service providers that other organizations rely upon. As organizations increase their reliance on cloud software and service providers, they open themselves up to more risk— a risk they struggle to control.

Nation-state involvement

The high-profile attacks against Mimecast, SolarWinds, and Microsoft Exchange were believed to be instigated by nation-state actors. While these attacks are typically motivated by espionage rather than financial gain, these exploits often eventually make their way into criminal hands, which is a trend we expect to continue.

The cyber insurance market will continue to harden

Over the first half of 2021, we have seen the beginnings of insurance capacity constraints as carriers evaluate how to address cyber risk. Due to the frequency and severity of ransomware attacks, some carriers have started applying coinsurance and sublimits on a widespread basis. Coalition has held strong — we have not pulled back on coverage, sublimited ransomware coverage, added coinsurance to our policy, or added exclusions for end-of-life software.  

Cyber criminals are opportunistic, particularly when it comes to small businesses, and the technology and processes that organizations use are far more indicative of their risk than their industry.

The market will likely continue to harden for the remainder of the year, and insurance carriers will likely begin requiring many common cybersecurity controls. Carriers will also likely require companies to address vulnerabilities during the policy period or risk losing some (or all) coverage. Carriers will likely continue to implement reductions in coverage, price increases, coinsurance, and sublimits throughout the year.

Government regulation and security

New York’s Department of Financial Services formally released a cybersecurity framework for cyber insurance carriers to follow. President Biden signed an executive order to improve national cybersecurity and recently held a cybersecurity meeting to discuss the strategic importance of protecting America’s business interests. Not only do we expect to see more regulation, we expect to see more public frameworks from government institutions around the world and new laws that will require far greater disclosure of cybersecurity incidents.

Not all is lost: cyber risk mitigation remains possible

While it may feel like organizations are under a continuous wave of attacks, most remain unsophisticated. Phishing, exploitation of remote access points, exploiting unpatched software with known vulnerabilities, and weak credentials will continue to be the main causes of cyber incidents. Basic controls will continue to remain effective mitigations:

• Email security, including spam filtering and user training, are important

• Ensure technical vulnerabilities like old, unpatched software or insecure remote access tools are unavailable for attackers to exploit

• Backups should be implemented and tested regularly before a cyber incident occurs

• Never process new requests or change payment requests based on email — implement defined processes with a two-party approval process

• (MFA) and endpoint detection and response (EDR) create a layered defense for your network

Coalition offers security for all

Effective risk mitigation involves layering your security defenses, and Coalition has committed to delivering security for all organizations. Our cybersecurity guide outlines the basic tenants of a cybersecurity program — a critical factor in reducing your organization’s risk of falling victim to a ransomware event. Additionally, organizations can view their risk in real-time through Coalition Control, our integrated risk management platform.

During the White House cybersecurity meeting, Coalition committed to partnering with the government, the private sector, and academia to share insurance claims data and hopefully reduce the losses across all organizations. Additionally, we offered Coalition Control for free to all organizations at: coalitioninc.com/securityforall

These commitments made by CEO Joshua Motta are just the beginning of Coalition’s work to provide security for all. We look forward to sharing our future claims data in support of our pledge.