How the cyber threat landscape is evolving

Cyberattacks used to traditionally target specific industry sectors like healthcare, but one cyber insurance writer is now seeing a wide range of sectors in the line of fire.

“When you look at our 2020 stats, we see a big difference where it’s not just the financial institutions and healthcare organizations getting hit with claims,” said Miki Ho, who handles business development at Coalition in Canada. “It does really touch on all industries — manufacturing, construction, non-profits are a big one that we’ve seen recently. So, these claims are definitely affecting everybody.”

Ho was referencing a finding from Coalition’s 2020 claims report. (The company will soon publish its findings from 2021.)

Another observation is that “ransomware is exploding as of late,” Ho told Canadian Underwriter during a Zoom call Thursday. According to Aon Canada’s recent Insurance Market Report Canada: Mid-year review 2021, global ransomware reports increased by 715.8% from 2019 to 2020, with ransom payments 60% higher in 2020 than the year before. Globally, Aon projects cyber damages to be about $20 billion in 2021.

Insurer profitability has been materially impacted by the significant uptick in frequency and severity of ransomware attacks, Aon Canada reported.

iStock.com/Tomas Knopp

“Ransomware continues to be the number one claim vector,” Ho said. “When you look at our book of business, there’s really three top three things that we’re seeing — it’s ransomware, social engineering and business email compromise (BEC).”

Ransomware involves encrypting systems and demanding a payment; social engineering is tricking people into sending out payment; BEC involving taking over somebody’s account to potentially commit more criminal activity.

“What’s interesting about those three is that it really doesn’t matter what industry a client might be in, they are potentially exposed to all of those things,” Ho said. “Whether they hold sensitive information or not, they could be hit by one of those claims.”

During ransomware attacks, cybercriminals are actively looking to exploit and get into a company’s remote desk protocol (RDP), Ho explained. “It’s basically a way to access a network from the outside. All you need is an email address and a password and you have full access to a company’s network.

“If we run our scans and we detect RDP, we will provide a recommendation to that client prior to binding and say, ‘We found this open RDP connection. You need to close it, because we know that leads to cyber claims,’” Ho said. “So really proactively analyzing risk and then providing recommendations before we make the policy.”

Ho spoke with Canadian Underwriter after Coalition, which launched in Canada in May of 2020, announced on Wednesday that it was entering the excess cyber market in Canada. Their offering provides brokers with excess cyber liability and technology errors and omissions coverage for accounts with up to CAD$5 million in aggregate limits for companies with up to CAD$1 billion in revenue.

“Our approach to claims is very different when it comes to cyber,” Ho said. “Our average response time is minutes, not hours.”

This, combined with a team of professionals that handle cyber incidents day-in and day-out and an in-house forensics team that responds to incidents in real-time, means response time is “in minutes, not hours, not days,” Ho said. It also helps favourably push down loss ratios.

Loss ratios have been a concern in the industry. According to the Office of the Superintendent of Financial Institutions, unprofitable loss ratios in cyber lines exceeded 400% in Q1 2021.

Ho estimates Coalition is able to remediate almost half of the cyber notices it receives without paying out or having a claim filed. “And that’s because we’re responding quickly. It’s because we have the in-house forensics team to assist. So, it’s really a differentiated approach.”

Overall, capacity in the cyber and privacy liability market is increasingly more difficult to access. In the excess market, starting mid-2020, pressure to increase rates from excess carriers has intensified as rates for primary capacity increased substantially, Aon said in its mid-year report. “Excess carriers are moving their rates to match the underlying layer, addressing historic underpricing. These moves are independent of rate increases arising from loss experience.”

Feature image by iStock.com/WhataWin