June 1, 2021
Since the first ransomware attack in 1989, criminal actors have vastly increased the number of attacks and raised their demands from new victims. The average ransom payment in Q1 of 2021 was $220,298, an increase of 43% compared to the average payment of $154,108 in Q4 of 2020. As cyber breaches grow in both scale and the size of ransom demands, businesses in every industry are increasingly concerned about the safety of their data, their customers, and their employees. Consequently, cyber insurance is no longer optional, it is becoming a must-have for every type of business today.
We sat down with Jerry Sullivan and Thom Smith of G.J. Sullivan Co. Reinsurance, a national brokerage with roots back to 1933, to talk about the trends in cyber insurance and to hear their thoughts on why it is such a critical requirement for modern businesses.
Apart from growing frequency and scale of ransom demands, the landscape of business has shifted—with more and more work happening online—making every business a target. Thom and Jerry agree. “As technology continues to grow as an integral part of business operations, the threat of a cyber intrusion or attack grows. Companies are more interconnected technologically than ever before,” said Jerry.
With more and more businesses making strides to meet digital transformation demands in the market, criminal actors are taking advantage of more data in the cloud, an increase in entry points into systems and networks and updated social engineering tactics to use on unsuspecting employees.
“There is a criminal element in the world that has become quite sophisticated at figuring out what weaknesses and vulnerabilities exist with any computer system and how to exploit it. Those criminals are not going away. They’ll continue to grow in numbers and become even more of a threat to the business,” said Thom.
As we look ahead, Thom and Jerry see even more possibilities for criminal actors to take advantage of businesses, looking for vulnerabilities in technology and employee knowledge. “As technology evolves and advances, so will the threats posed by cyber criminals. The Internet of Things will increase the pathways for criminals as much as it will enable the very technology being created. Artificial Intelligence, cloud computing, machine learning, cloud storage and other enhancements will create more vulnerabilities where a criminal can find access and cause damage,” said Jerry.
But with an increase in vulnerability, businesses should also be aware that now, more than ever before, we have access to knowledge and technology to keep data and critical information safe. Thom offered some advice to CFOs and others responsible for protecting business critical data —first, find a cyber security partner that can help you assess your system for vulnerabilities and identify ways to improve your security posture proactively. Second, purchase cyber insurance from a company that provides a comprehensive claims response. The cyber insurance company should have an expert claims team lined up ready to cover losses a business is likely to incur if a cyber breach occurs.
As far as industry-specific targets, Jerry shared his insights. “We have already seen healthcare, manufacturing, and energy affected by cyber criminals hacking into their systems, either demanding ransom or causing significant disruption to the services those industries exist to deliver. We expect cyber intrusions to increase over time and for more and more industries to be targeted.”
The cost of responding to a cyber-attack is also increasing. “Depending on the source one references, cyber-attacks cost a business an average of more than $3.8 million. But the cost is much higher for certain industries, such as healthcare where the average cost is more than $7.1 million,” said Thom. And he is right. Especially because the medical industry receives two to three times more cyberattacks than any other industry and that number is expected to continue to grow. Patient records are a typical target for cyber criminals. In 2019 alone, more than 41 million patient records were breached.
“What business can absorb that kind of loss, much less the reputational damage a cyber breach can cause? For businesses slow to adopt cyber insurance, they are left to figure out what to do on their own,” said Thom. Affected businesses are faced with several issues that require immediate attention – getting their computer systems back online, ransom negotiations, compliance with federal and state laws for data breaches (such as notifying employees and customers of the breach) and making a PR plan. “It is unlikely that any company has a perfect business interruption plan that covers all of these issues or that it has the expertise in-house to address each area,” said Thom.
The solution? A cyber insurance partner that offers both, a comprehensive (and easy-to-understand) policy and the education and knowledge many businesses lack to mitigate their cyber risk. “With a state-of-the-art cyber insurance policy, these specialist claims experts will be provided for them to deal with all of these issues and guide the business to recovery,” said Jerry.
Thom and Jerry’s advice for businesses on the fence about cyber insurance? Get educated. Find a cyber insurance partner that will help you assess your system vulnerabilities and make actionable suggestions to improve your company’s security. As you evaluate your options, make sure expert claims specialists are available through your cyber insurance partner and that your policy covers losses for every area of the business in the event of a cyber breach.
To assess your cyber risk and find out how much cyber coverage your business needs, check out our risk calculator here.