AGCS warns of pandemic driven by ransomware


In a new Cyber Insights report, entitled ‘Ransomware trends: Risks and Resilience’ AGCS said

the increasing frequency and severity of ransomware incidents are driven by:

  • Growing number of different attack patterns, such as double and triple extortion campaigns;
  • Criminal business model around “ransomware as a service” and cryptocurrencies;
  • Recent skyrocketing of ransom demands; and
  • Rise of supply chain attacks.

Scott Sayce, global head of cyber at AGCS, said not all attacks are targeted as cyber criminals often adopt a scattergun approach to exploit those businesses that are not addressing or understanding the vulnerabilities they may have.

“As insurers, we must continue to work with our clients to help businesses understand the need to strengthen their controls. At the same time, in today’s rapidly evolving cyber insurance market, providing emergency response services, as well as financial compensation, is now the standard,” Sayce added.

The cyber risk trends are mirrored in AGCS’s claims experience, with the insurer receiving more than a thousand cyber claims overall in 2020, up from about 80 in 2016. Specifically, the number of ransomware claims (90) rose by 50% compared to 2019 (60).

The insurer’s claims analysis found that business interruption (BI) and restoration costs are the main drivers behind cyber losses such as ransomware attacks, accounting for over 50% of the value of close to 3,000 insurance industry cyber claims worth around €750 million (US$885 million) it has been involved in over six years.

So how can companies protect themselves from the “ransomware pandemic? AGCS suggested focusing on:

  • Ransomware identification;
  • Business continuity planning or incident response plan;
  • Anti-phishing exercises and user awareness training;
  • Backups;
  • Endpoints;
  • Email, web, and office document security;
  • Segmentation;
  • Monitoring patching and vulnerability management policies; and
  • Performing due diligence and risk management activities before mergers and acquisitions.

“In around 80% of ransomware incidents losses could have been avoided if the organizations had followed best practices,” said Rishi Baviskar, global cyber experts leader at AGCS Risk Consulting.  “Regular patching, multi-factor authentication, as well as information security and awareness training and incident response planning are essential to avoiding ransomware attacks and also constitute good cyber hygiene.

“If companies adhere to best practice recommendations there is a good chance that they will not become ransomware victims. Numerous security gaps can be closed, often with simple measures.”

Source Article

Next Post

Chaucer adds political risk cover to Belt and Road consortium

Specialty reinsurance group Chaucer has added political risks and contract frustration cover to its Belt and Road consortium at Lloyd’s. The new consortium, led and managed by Chaucer, will provide lead capacity of US$60 million (SG$81.1 million), supported by a further US$235 million of follow capacity. It covers political risk […]