General Insurance Article - Buyer beware as Ransomware as a Service is about to bite


The insurance market is making a series of fundamental changes to existing policies as they aim to address the potential losses they face as a result of the dramatic rise in ransomware-as-a-Service attacks. This is according to Kevin Timms, CEO of managed services provider eacs.

 With the number of high-profile ransomware attacks increasing as a direct result of the Covid pandemic, organisations will continue to be at a higher risk with their employees continuing to work remotely.

 Kevin Timms, CEO, eacs, stated: “Business email is very often the route into an organisation. It is an easy target, and criminals are exploiting email security vulnerabilities such as misconfigured sender policy framework (SPF), Domain Keys Identified Mail (DKIM), and Domain Message Authentication Reporting & Conformance (DMARC) to enact phishing and email spoofing attacks, which could result in the deployment of ransomware.”

 “Sophos recently released its Ransomware Report 2021 which found that the average recovery cost for businesses has doubled in the past year. Sophos quote a staggering and eye-watering figure of $1.85m in 2021 up from $761,106 last year. These costs include the ransom as well as the hidden costs such as downtime, people costs, device, network costs and the loss of opportunity.”

 Timms continued: “The insurance industry itself is now reacting to this trend in a number of ways and we would urge any CFO, CISO or compliance officer to get on top of the changes now and check the small print on all and any Terms & Conditions.”

 Many are now offering - in some cases insisting - policyholders submit a ransomware supplemental application, which asks additional questions around data back-ups, segmentations, and whether or not multi-factor authentication is on the corporate networks.

 “Let’s be clear the purpose of these ransomware supplemental applications is to mitigate the impact of ransomware once it has been deployed, and therefore reduce the severity of claims,” continued Timms.

 “In some cases policies are being refused if a product is at end-of-life so again we would urge all end user organisations to discuss product migration strategies with their service provider if they have one, or upgrade as soon as possible. The reality is that if you fail to do so the chances of rolling over your standard professional indemnity insurance policy are slim to nothing.”

 “We are urging corporate Britain to take a close, long, hard look at any future insurance policy you receive as this is a legal contract. It must be the responsibility of either your insurance broker or risk teams to assess the relevant changes being made to your policies and highlight those changes to senior management.

 “At the end of the day this is simply something that business leaders cannot stick their head in the sand on. If you are being asked detailed questions on your estate as to how you can handle a potential breech you must be able to demonstrate you have addressed this. If you don’t the picture is pretty straight forward. You policy is invalidated and if you are hit with a ransomware demand then it really will be ‘game over’,” concluded Timms.
  

Back to Index


Similar News to this Story

Sleighing the risks by giving Santa the insurance he needs
While you might be the most magical employer in the world, we know that even you aren’t immune to the risks of running a global delivery service! From
Diversity improving in insurance and long term savings
Key figures from the Association of British Insurers’ latest Diversity, Equity and Inclusion (DEI) data collection highlight the work of insurers and
Almost a third of homeowners have been victims of burglaries
Research commissioned by Co-op Insurance reveals that almost one in three (29%) homeowners have been the victims of theft from their home. The member-

Site Search

Exact   Any  

Latest Actuarial Jobs

Actuarial Login

Email
Password
 Jobseeker    Client
Reminder Logon

APA Sponsors

Actuarial Jobs & News Feeds

Jobs RSS News RSS

WikiActuary

Be the first to contribute to our definitive actuarial reference forum. Built by actuaries for actuaries.