General Insurance Article - Buyer beware as Ransomware as a Service is about to bite


The insurance market is making a series of fundamental changes to existing policies as they aim to address the potential losses they face as a result of the dramatic rise in ransomware-as-a-Service attacks. This is according to Kevin Timms, CEO of managed services provider eacs.

 With the number of high-profile ransomware attacks increasing as a direct result of the Covid pandemic, organisations will continue to be at a higher risk with their employees continuing to work remotely.

 Kevin Timms, CEO, eacs, stated: “Business email is very often the route into an organisation. It is an easy target, and criminals are exploiting email security vulnerabilities such as misconfigured sender policy framework (SPF), Domain Keys Identified Mail (DKIM), and Domain Message Authentication Reporting & Conformance (DMARC) to enact phishing and email spoofing attacks, which could result in the deployment of ransomware.”

 “Sophos recently released its Ransomware Report 2021 which found that the average recovery cost for businesses has doubled in the past year. Sophos quote a staggering and eye-watering figure of $1.85m in 2021 up from $761,106 last year. These costs include the ransom as well as the hidden costs such as downtime, people costs, device, network costs and the loss of opportunity.”

 Timms continued: “The insurance industry itself is now reacting to this trend in a number of ways and we would urge any CFO, CISO or compliance officer to get on top of the changes now and check the small print on all and any Terms & Conditions.”

 Many are now offering - in some cases insisting - policyholders submit a ransomware supplemental application, which asks additional questions around data back-ups, segmentations, and whether or not multi-factor authentication is on the corporate networks.

 “Let’s be clear the purpose of these ransomware supplemental applications is to mitigate the impact of ransomware once it has been deployed, and therefore reduce the severity of claims,” continued Timms.

 “In some cases policies are being refused if a product is at end-of-life so again we would urge all end user organisations to discuss product migration strategies with their service provider if they have one, or upgrade as soon as possible. The reality is that if you fail to do so the chances of rolling over your standard professional indemnity insurance policy are slim to nothing.”

 “We are urging corporate Britain to take a close, long, hard look at any future insurance policy you receive as this is a legal contract. It must be the responsibility of either your insurance broker or risk teams to assess the relevant changes being made to your policies and highlight those changes to senior management.

 “At the end of the day this is simply something that business leaders cannot stick their head in the sand on. If you are being asked detailed questions on your estate as to how you can handle a potential breech you must be able to demonstrate you have addressed this. If you don’t the picture is pretty straight forward. You policy is invalidated and if you are hit with a ransomware demand then it really will be ‘game over’,” concluded Timms.
  

Back to Index


Similar News to this Story

Furloughed workers reveal desired shift in working lives
Despite nearly six in 10 (57%) furloughed workers looking forward to returning to their old jobs at the end of this month, research from Canada Life r
Income Protection Awareness Week
Nathan Hill, Market Head L&H UK & Ireland at Swiss Re, on the importance of income protection products and the ongoing need to improve both consumer a
Men lose twice as much money to scammers than women
Male scam victims have lost more than twice as much money as females in the last 12 months, insight from Phoenix Group, the UK’s largest long-term sav

Site Search

Exact   Any  

Latest Actuarial Jobs

Actuarial Login

Email
Password
 Jobseeker    Client
Reminder Logon

APA Sponsors

Actuarial Jobs & News Feeds

Jobs RSS News RSS

WikiActuary

Be the first to contribute to our definitive actuarial reference forum. Built by actuaries for actuaries.