Canadian Underwriter
News

Insurers reveal a popular attack of choice for cyber-criminals


November 1, 2019   by Jason Contant


Print this page Share

Another insurer is reporting a rise in ransomware attacks.

Specialist insurer Beazley said Thursday that the targeting of IT vendors by cyber criminals contributed to a 37% increase in reported ransomware incidents in the third quarter of 2019 compared to the previous three months.

On Oct. 11, Chubb said malware cyber attacks are on the rise compared to one year ago. The first half of 2019 saw an “alarming” rise in ransomware attacks, with this year already outpacing the total number of incidents in 2018.

According to Beazley, cyber criminals are exploiting weak security programs to target both the vendor and their clients. In the third quarter of 2019, one-quarter (24%) of all ransomware incidents reported to Beazley’s in-house breach response team (Beazley Breach Response, or BBR), were found to have started with an attack on an IT vendor or managed service provider (MSP).

Brokers with small business clients may want to point out that this type of business was particularly hard-hit. Small businesses, which often depend on MSPs to remotely manage their IT infrastructure, reported 63% of all ransomware incidents to BBR Services in the first nine months of 2019.

“While their level of reliance on MSPs varies, many small businesses outsource their entire IT operation to the MSP,” Beazley warned. “This can create a dependent and deeply interconnected relationship that hackers play to their advantage.”

Another specialist insurer, CFC Underwriting, noted in a press release Thursday that theft of funds, ransomware, extortion and non-malicious data breaches usually involve the exploitation of human error or oversight in any given business process. That could be a victim falling to advanced social engineering and clicking on phishing link, or failing to follow up with a wire transfer request with a phone call.

Approximately three-quarters of cyber claims notified to CFC in the last year involved some kind of human error or oversight, CFC said.