General Insurance Article - Buyer beware as Ransomware as a Service is about to bite

The insurance market is making a series of fundamental changes to existing policies as it aims to address the potential losses it faces as a result of the dramatic rise in Ransomware-as-a-Service attacks. This is according to Kevin Timms, CEO of managed services provider eacs.

 With the number of high-profile ransomware attacks increasing as a direct result of the Covid pandemic, organisations will continue to be at a higher risk with their employees continuing to work remotely.

 Kevin Timms, CEO, eacs, stated: “Business email is very often the route into an organisation. It is an easy target, and criminals are exploiting email security vulnerabilities such as misconfigured sender policy framework (SPF), Domain Keys Identified Mail (DKIM), and Domain Message Authentication Reporting & Conformance (DMARC) to enact phishing and email spoofing attacks, which could result in the deployment of ransomware.”

 “Sophos recently released its Ransomware Report 2021 which found that the average recovery cost for businesses has doubled in the past year. Sophos quote a staggering and eye-watering figure of $1.85m in 2021 up from $761,106 last year. These costs include the ransom as well as the hidden costs such as downtime, people costs, device, network costs and the loss of opportunity.”

 Timms continued: “The insurance industry itself is now reacting to this trend in a number of ways and we would urge any CFO, CISO or compliance officer to get on top of the changes now and check the small print on all and any Terms & Conditions.”

 Many insurers are now offering - in some cases insisting - that policyholders submit a ransomware supplemental application, which asks additional questions around data back-ups, segmentation, and whether or not multi-factor authentication is in place on the corporate networks.

 “Let’s be clear: the purpose of these ransomware supplemental applications is to mitigate the impact of ransomware once it has been deployed, and therefore reduce the severity of claims,” continued Timms.

 “In some cases policies are being refused if a product is at end-of-life so again we would urge all end user organisations to discuss product migration strategies with their service provider if they have one, or upgrade as soon as possible. The reality is that if you fail to do so the chances of rolling over your standard professional indemnity insurance policy are slim to nothing.”

 “We are urging corporate Britain to take a close, long, hard look at any future insurance policy you receive as this is a legal contract. It must be the responsibility of either your insurance broker or risk teams to assess the relevant changes being made to your policies and highlight those changes to senior management.

 “At the end of the day this is simply something that business leaders cannot stick their head in the sand on. If you are being asked detailed questions on your estate as to how you can handle a potential breach you must be able to demonstrate you have addressed this. If you don’t, the picture is pretty straightforward. Your policy is invalidated and if you are hit with a ransomware demand then it really will be ‘game over’,” concluded Timms.
