The cyber landscape has undergone a dramatic transformation since the onset of the pandemic. Industries large and small are caught in the crosshairs of increasingly sophisticated attacks. Continued work from home has only increased what’s at stake for all businesses.
One of the ways to make sense of it all is to look into current cyber claims data from across North America and draw out trends to help businesses prepare for and prevent future devastating cyber attacks.
Real visibility into cyber incidents ideally comes from three primary sources: policyholders reporting incidents and claims, data from the National Association of Insurance Commissioners (NAIC), and finally, from the tens of thousands of insurance applications businesses file each year.
Together these sources helped us produce our second annual H1 Cyber Insurance Claims Report, featuring analyzed claims data through June 2021 from our customers across the United States and Canada. While we hope to be wrong (for the sake of our customers), our data revealed the following Top 5 cyber claims trends for 2022:
1. Ransomware will remain a threat.
Thanks to the widespread use of poorly secured remote access protocols and other tried and tested attack vectors, ransomware has become one of the most lucrative cyber criminal activities.
As a result, we anticipate that ransomware frequency will increase moderately. Still, ransomware severity will flatten as there is little to gain beyond what attackers already have after taking an organization’s operations hostage. After a resurgence of ransomware attacks in the first half of 2021, the average ransom demand increased nearly 3x.
While we know that no technology is 100% secure, and attack tactics and techniques are constantly evolving, stopping ransomware isn’t just a technology problem; it’s a risk management problem. Incentivizing cybersecurity best practices that decrease the risk of ransomware and other cyber threats is crucial for all organizations going into 2022.
2. Supply chain attacks won’t stop.
Supply chain attacks allow criminals to victimize many organizations at once, and these attacks are becoming more commonplace. For example, roughly 1,000 Coalition policyholders were exposed to the Microsoft Exchange vulnerability, and new variants of this vulnerability continue to be discovered. We expect criminals to increase their targeting of software and service providers that other organizations rely upon. As organizations increase their reliance on cloud software and IT service providers, they open themselves up to increased risk — a risk they will struggle to control.
3. Nation-state involvement.
The high-profile attacks against Mimecast, SolarWinds, and Microsoft Exchange were believed to be instigated by nation-state actors. While these attacks are typically motivated by espionage rather than financial gain, these exploits often eventually make their way into criminal hands — a trend we expect to continue into 2022.
4. The cyber insurance market will continue to harden.
In the first half of 2021, we saw the beginnings of insurance capacity constraints as carriers evaluated how to address cyber risk. Due to the frequency and severity of ransomware attacks, some carriers have started applying coinsurance and sublimits on a widespread basis. Coalition has held strong — we have not pulled back on coverage, sublimited ransomware coverage, added coinsurance to our policy, or added exclusions for end-of-life software.
The market will likely continue to harden as we enter 2022, and insurance carriers will begin requiring many common cybersecurity controls. Carriers will also require companies to address vulnerabilities during the policy period or risk losing some (or all) coverage, and they will continue to implement reductions in coverage, price increases, coinsurance, and sublimits throughout the year.
5. Government regulation and security.
New York’s Department of Financial Services formally released a cybersecurity framework for cyber insurance carriers to follow. President Biden signed an executive order to improve national cybersecurity and recently held a cybersecurity meeting to discuss the strategic importance of protecting America’s business interests. Not only do we expect to see more federal regulation in 2022, we also expect to see more public frameworks from government institutions around the world and new laws that will require far greater disclosure of cybersecurity incidents.
Not all is lost: Cyber risk mitigation remains possible
While it may feel like organizations are under a continuous wave of attacks, most attacks remain unsophisticated. Phishing, exploitation of remote access points, exploiting unpatched software with known vulnerabilities, and weak credentials will continue to be the main causes of cyber incidents.
Basic risk mitigation controls will remain effective:
- Email security, including spam filtering and user training, is important
- Ensure technical vulnerabilities like old, unpatched software or insecure remote access tools are unavailable for attackers to exploit
- Backups should be implemented and tested regularly before a cyber incident occurs
- Never process new requests or change payment requests based on email — implement defined processes with a two-party approval process
- Create a layered defense for your network with multi-factor authentication and endpoint detection and response
Cyber criminals are opportunistic, particularly when it comes to small businesses, and the technology and processes that organizations use are far more indicative of their risk than their industry. Coalition CEO Joshua Motta attended the White House cybersecurity meeting alongside other industry leaders, and pledged to partner with the U.S. government, the private sector, and academia to share insurance claims data to reduce the losses across all organizations. Additionally, we offered Coalition Control for free to all organizations.