General Insurance Article - Buyer beware as Ransomware as a Service is about to bite

The insurance market is making a series of fundamental changes to existing policies as they aim to address the potential losses they face as a result of the dramatic rise in ransomware-as-a-Service attacks. This is according to Kevin Timms, CEO of managed services provider eacs.

 With the number of high-profile ransomware attacks increasing as a direct result of the Covid pandemic, organisations will continue to be at a higher risk with their employees continuing to work remotely.

 Kevin Timms, CEO, eacs, stated: “Business email is very often the route into an organisation. It is an easy target, and criminals are exploiting email security vulnerabilities such as misconfigured sender policy framework (SPF), Domain Keys Identified Mail (DKIM), and Domain Message Authentication Reporting & Conformance (DMARC) to enact phishing and email spoofing attacks, which could result in the deployment of ransomware.”

 “Sophos recently released its Ransomware Report 2021 which found that the average recovery cost for businesses has doubled in the past year. Sophos quote a staggering and eye-watering figure of $1.85m in 2021 up from $761,106 last year. These costs include the ransom as well as the hidden costs such as downtime, people costs, device, network costs and the loss of opportunity.”

 Timms continued: “The insurance industry itself is now reacting to this trend in a number of ways and we would urge any CFO, CISO or compliance officer to get on top of the changes now and check the small print on all and any Terms & Conditions.”

 Many are now offering - in some cases insisting - policyholders submit a ransomware supplemental application, which asks additional questions around data back-ups, segmentations, and whether or not multi-factor authentication is on the corporate networks.

 “Let’s be clear the purpose of these ransomware supplemental applications is to mitigate the impact of ransomware once it has been deployed, and therefore reduce the severity of claims,” continued Timms.

 “In some cases policies are being refused if a product is at end-of-life so again we would urge all end user organisations to discuss product migration strategies with their service provider if they have one, or upgrade as soon as possible. The reality is that if you fail to do so the chances of rolling over your standard professional indemnity insurance policy are slim to nothing.”

 “We are urging corporate Britain to take a close, long, hard look at any future insurance policy you receive as this is a legal contract. It must be the responsibility of either your insurance broker or risk teams to assess the relevant changes being made to your policies and highlight those changes to senior management.

 “At the end of the day this is simply something that business leaders cannot stick their head in the sand on. If you are being asked detailed questions on your estate as to how you can handle a potential breech you must be able to demonstrate you have addressed this. If you don’t the picture is pretty straight forward. You policy is invalidated and if you are hit with a ransomware demand then it really will be ‘game over’,” concluded Timms.

Back to Index

Similar News to this Story

Over 40 percent of pet owners have no pet insurance
The COVID-19 pandemic has led to pet ownership soaring in the UK, yet growth of the pet insurance market is lagging behind this trend with price provi
LIIBAs 2022 agenda responds to unprecedented pace of change
Putting London’s insurance brokers at the heart of the debate about how best to achieve net zero is one of broker body LIIBA’s key goals for 2022, a y
Over half who bought income protection did because of Covid
According to findings from GlobalData’s 2020–21 UK Insurance Consumer Surveys, 52% of UK consumers in 2021, compared to 37.4% in 2020, stated that the

Site Search

Exact   Any  

Latest Actuarial Jobs

Actuarial Login

 Jobseeker    Client
Reminder Logon

APA Sponsors

Actuarial Jobs & News Feeds

Jobs RSS News RSS


Be the first to contribute to our definitive actuarial reference forum. Built by actuaries for actuaries.