Sam Barrett examines how Covid-19 has sped up the evolution of cyber cover
Suffering a cyberattack or ransomware demand has driven sales of cyber insurance during the last few years. But it is the emergence of another virus – Covid-19 – that could really accelerate growth in this market.
Although many things have changed significantly as a result of the pandemic, Stephen Ridley, cyber underwriting manager at Hiscox, says the nature of cyber risks has remained the same. “The vast majority of claims are still for ransomware and business email compromise attacks,” he says. “However, this period has magnified the risks: it has opened everyone’s eyes to how reliant they are on technology.”
With lockdown forcing businesses to switch to remote working wherever possible, there were plenty of opportunities for cybercriminals to exploit the situation. “Most businesses had to implement this transformation overnight and many were not prepared for it,” says Andrea Garcia Beltran, cyber manager, underwriting at RSA Insurance. “As well as having to allow some employees to work on their own devices, IT departments were focused on keeping the business running. It opened the doors to cybercriminals.”
Using their own devices meant an appropriate level of cybersecurity was not always guaranteed. Similarly, without their colleagues around, it was less likely that an employee would check whether the email they’d just received from the managing director asking them to transfer money was legitimate.
The cybercriminals changed the way they worked too. Lindsey Nelson, cyber development leader at CFC Underwriting, says many of the attacks focused on the pandemic. “No one falls for the Nigerian prince scam anymore. Instead, the criminals sent emails with Covid-19-related information, asking employees to click on links that would then download malicious software or give access to the network,” she says. “More than 75% of losses are caused by employees and criminals were able to exploit their fears relating to the pandemic.”
Ms Nelson has also seen a shift in ransomware attacks. While criminals used to be able to cash in on businesses simply wanting to get their systems back up and running, they now increasingly use data exfiltration to increase the risk.
With this, they steal data and threaten to release it unless a ransom is paid. As this data might include customer information or company secrets, the risk of reputational damage is high and potentially much more costly than a few days of business interruption while systems are restored.
In this environment, the value of cyber cover has increased. “The pandemic has increased awareness of the cyber risks that a company faces,” says Tom Draper, technology and cyber practice leader at Gallagher. “Before lockdown, most would have said their physical assets were the key risk, but for many, the last few months have highlighted the fact that their biggest concern is actually ongoing cashflow, with this seriously affected in the event of a cyberattack. As long as we do not see a significant economic setback, the pandemic will accelerate take-up of cyber cover.”
His view is echoed by the insurers. RSA’s Ms Garcia Beltran says she’s seen a lot of requests for cover during the last few months. “We have been very busy since lockdown began and we expect this will continue,” she says. “Cyber will become one of the main lines of business.”
Against this backdrop, cyber cover has evolved. Ms Garcia Beltran says that greater focus on ransomware and business interruption has meant some clients have increased indemnity limits on their cover.
Alongside this, a significant amount of attention remains on the risk management support and advice insurers can provide clients. “Our main focus has always been on the helpline and support we provide clients rather than the financial indemnity,” says Mr Ridley. “No business wants to experience a cyberattack, so we put a lot of emphasis on prevention.”
Among the services his clients can access are an online cybersecurity training platform for employees, including new modules around home working; and a risk alert service, which provides details of the latest threats and the mitigation action a business can take.
This focus on risk prevention is common across the cyber insurance market. For instance, in 2019, CFC Underwriting acquired Solis Security to enable it to bring this expertise in-house. This move makes sense as the company has seen notifications increase sharply.
Ms Nelson says that, while she saw 1,500 notifications in 2019, this figure has already doubled in 2020. She is keen to stress that a notification does not necessarily become a claim. “A client might call us because they have identified something that they think could be a potential issue and they want our advice and support,” she adds. “It is a key benefit of
And with the pandemic highlighting the importance of technology and the digital world to many businesses, finding a way to protect this and ensure business operations are unaffected will be increasingly important.”
Sam Barrett is a freelance journalist