US cyber insurance claims spike amid ransomware, funds transfer fraud, BEC attacks

An analysis of the CSO Article: https://www.csoonline.com/article/652906/us-cyber-insurance-claims-spike-amid-ransomware-funds-transfer-fraud-bec-attacks.html

The recent developments in the cyber insurance landscape, as detailed in the above article, indicate the following trends and implications:

  1. Increased Vulnerability: There’s a clear uptick in cyber-attack activities, with ransomware, funds transfer fraud (FTF), and BEC attacks being the leading culprits. This suggests that companies, especially those with revenues exceeding $100 million, are increasingly vulnerable.
  2. Rising Insurance Costs: With the increased frequency and severity of cyber-attacks, insurance companies are likely to increase premiums. The complexities and intricacies of newer policies will also likely drive up costs.
  3. Changing Dynamics: The data suggests a shift in the type of attacks. While ransomware and FTF are on the rise, BEC incidents have seen a decrease in frequency and severity. This could imply that while cyber attackers are refining their techniques for ransomware and FTF, defensive measures against BEC might be improving.
  4. Cybersecurity Investments: Companies are increasingly investing in cybersecurity solutions not just to protect their digital assets but also to qualify for cyber insurance policies. This indicates a close relationship between cybersecurity preparedness and insurance policy compliance.
  5. Ransom Decisions: The decision by 36% of Coalition policyholders to pay the ransom is noteworthy. This might indicate that for many companies, the costs (both direct and indirect) associated with not paying might exceed the ransom amount, or they might not have the required backups and systems in place to restore operations without paying.
  6. Sophistication of Attacks: The fact that threat actors are willing to wait longer periods before exploiting a compromise indicates a strategic shift, with cybercriminals becoming more patient and tactical. This could make detection and mitigation even more challenging for companies.

Recommendations for Businesses:

  1. Invest in Cybersecurity: It’s crucial to continue investing in cybersecurity measures, not just to meet insurance criteria but to protect the core business operations and sensitive data.
  2. Segment Network and Access: Businesses should harness precision segmentation, using Enclave, to thwart malicious and unauthorized lateral movement in your network.
  3. Regular Training: Employees should be regularly trained on the latest cyber threats and the best practices to prevent them, especially given the changing dynamics of cyber-attacks.
  4. Backup and Recovery: Ensure robust backup and disaster recovery solutions are in place. This can reduce the potential impact of ransomware and might discourage companies from paying ransoms.
  5. Re-evaluate Insurance Needs: With the changing cyber insurance landscape, businesses should continuously evaluate their policies to ensure they have comprehensive coverage at the best rates.

In conclusion, the cyber threat landscape is evolving rapidly, and businesses must adapt accordingly. This includes both bolstering cybersecurity measures and staying informed about the changing dynamics of cyber insurance.

Talk to our team about how we can help implement these recommendations.