Studies indicate that ransomware attacks and ransom demands are on the decline. While resilience has become a priority for organizations, the consequences for cyber insurance are far from neutral.
Are attitudes changing in companies that face extortion attempts by cybergangs specializing in ransomware? Recent indicators do show changes in behavior, with fewer and fewer ransoms being paid. It is therefore worth asking whether these developments will have consequences for the cyber insurance market, for the insurers themselves, and for organizations that are blackmailed to recover their encrypted data.
The latest indicators from Corvus Insurance’s Risk Insights study, which analyzes data on cyber risk mitigation, claims and insurance company data, show an evolving picture. It appears that the costs associated with ransomware claims are changing significantly. Although ransom demands increased from the second quarter of 2020 to the first quarter of 2021, they fell by 50% in the second quarter of 2021, a trend that has largely continued in the third quarter. Additionally, the share of ransomware demands resulting in a ransom payment fell from 44% in Q3 2020 to just 12% a year later.
Risk mitigation well perceived by cyber insurers
Corvus Insurance explains that these changes are due to better preparedness and resilience of policyholders. In particular, the latter have adopted effective management strategies in terms of data backup, which are essential for recovering their systems. The survey also suggests that IT vendors with large customers have a better ability to protect against and recover from a ransomware attack. So far, nothing too surprising, but the study also shows that the larger a company, the more likely it is to sue its IT supplier. For example, a company with 250 or more employees is 3 times more likely to sue its IT provider than a company with 10 or fewer employees, and twice as likely as a company with 11 to 50 employees.
The results indicate clear changes in ransomware claim trends. But how could they affect the cyber insurance market in the future? Could prices change to reflect fewer ransomware attacks and ransom demands? Likewise, will companies be rewarded with better deals if they put more emphasis on prevention and remediation? “Overall business continuity strategies associated with these trends are likely to be viewed favorably by the cyber insurance market,” says Lori Bailey, Director of Offerings at Corvus Insurance. “Not only does this show that companies are taking proactive steps to mitigate this risk, but it also indicates a general trend towards greater cyber resilience as part of the risk management process, which should reduce the costs of losses in the future.”
Closer ties between insurance companies and cybersecurity providers
Trent Cooksley, chief operating officer at SME cyber insurance provider Cowbell Cyber, says cyber insurance is a market in transition and that the cyber risk assessments conducted by insurers are becoming more thorough and innovative. The objective: to help create better, more flexible and tailor-made insurance coverage for policyholders according to their exposure to cyber risk. “Closer partnerships between insurance and cybersecurity vendors are certainly paying off and will continue to pay off in the coming year for the insurance market as a whole,” said Trent Cooksley. “This will incentivize companies to deploy greater security controls, not only to get better insurance coverage, but also to keep organizations safe.”
AI-based continuous risk assessment and remediation techniques are also beginning to pay off, either by limiting the extent of damage and preventing incidents in the first place, or by identifying risks more precisely, Trent Cooksley adds. According to the executive, a “wave of transformation” should continue over the next 12 months.
Liable and culpable for paying ransoms?
For his part, Jake Williams, technical director of BreachQuest, urges that other factors be taken into account that could explain some of the study's indicators. “Given the legal action against REvil, it is not surprising that ransom demands decreased in the second and third quarters. The statistic that there is a drop in payments in the third quarter is undoubtedly correct, although there may be an error in attribution of the cause,” warns Jake Williams. The technical director cites as an example the advisory from the Office of Foreign Assets Control on the risks associated with paying ransoms: “stakeholders are asking more and more if they have a potential liability by paying. This undoubtedly influences the choice of their decision. Although better preparation may explain some changes, other factors are probably at play.”