Howden report: Ransomware attacks rise 170%

Insurance broker Howden has released a report examining today’s cyber insurance market and has found the cost of insurance to protect businesses and organisations against the ever-increasing threat of cybercrimes has soared by a third in the last year. 

Declaring a ‘digital pandemic’, Howden says ransomware is now the predominant cyber threat confronting businesses of all sizes, with 170% more attacks having taken place during the end of 2020 than the year before.

For US companies that decided to pay a ransom in Q1 of 2021, it is likely they paid 400% more than they would have in 2019. The average cost of ransomware remediation globally has also increased, rising to US$1.85 million this year from US$700,000 in 2020. Average remediation costs in several major markets, including the US, now exceed US$2 million, according to the report.

Global cyber insurance prices increasing

Howden points out that the availability of accessible and relatively low-cost ransomware kits, or ransomware-as-a-service (RaaS), combined with a new strategy that involves both data encryption and the publication of stolen data, known as double extortion, has caused the frequency and severity of ransomware attacks to soar.

As a result, the report found that global cyber insurance pricing has increased by an average of 32% year-on-year in June 2021, on the back of a 50% rise since data tracking began. Insurers are also demanding more from businesses’ cyber resilience and are only willing to deploy capacity if they are satisfied by companies’ risk management frameworks, the report found.

“Cyber risk has undergone multiple episodes of change and development in its relatively short history, but nothing quite so impactful and fundamental as the events over the last year,” said Shay Simkin, Global Head of Cyber, Howden.

“COVID-19, and all of its attendant effects on technology adoption and cyber security, combined with independent or connected changes to the loss environment, has added a big dose of complexity into an already complicated risk landscape.”

Howden’s report found that the COVID-19 pandemic has amplified the risks associated with cyber and revealed pre-existing vulnerabilities. While businesses are investing in data and cloud security to deal with the changes brought about by the pandemic, cybercriminals are often one step ahead of them, Howden found. The report said that cyber criminals have exploited interest and concerns about the pandemic to entice users to click on malicious links or attachments. Delays in breach discovery due to a reduction in on-site staff have exacerbated the issue.

Simkin said that the cyber insurance market is being driven by an imbalance of demand and supply, “which shows no sign of relenting anytime soon.”

“Claims are up, capacity is down, and underwriting profitability is, at best, under pressure,” Simkin said. “The impact on insurance buyers is stark; the importance of being prepared for a cyber attack has never been clearer. With insurers now demanding markedly higher cybersecurity standards before deploying capacity, businesses need analytical solutions designed specifically for them, combined with focused, expert intermediation to help them secure the coverage that meets their needs.”