Computing reports that insurance firms are worried about profits as ransomware gangs become more sophisticated.
Whilst insurance companies previously tended to cooperate with customers (and with cybercriminals) to cover losses, cyber attacks have risen in number and sophistication, which is forcing insurers to cut the amount of cover they provide to customers. Insurers have increased premiums, cut policy coverage and may even adopt an adversarial rather than a co-operative response to ransomware claims.
“Insurers are changing their appetites, limits, coverage and pricing,” Caspar Stops, head of cyber at insurance firm Optio, told Reuters … “Limits [the upper amount paid in a claim] have halved – where people were offering £10 million ($13.5 million), nearly everyone has reduced to five.”
- American cyber insurance firm CNA Financial allegedly paid hackers $40 million (£30 million) to decrypt its data and restore systems, following a ransomware attack in March.
- In June, meat processing giant JBS confirmed it paid $11 million (£8.2 million) to the REvil ransomware gang, which locked its systems at the end of May.
- Insurers say some attackers may specifically check whether potential victims have policies that would make them more likely to pay a ransom.
One industry insider said a tech firm that previously paid £250,000 for £130 million of professional indemnity and cyber cover is now paying £500,000 for cover of £55 million.
The main advice from the FBI in the US is not to pay, and instead report the incident as early as possible. The agency also warned that paying ransoms only funds criminals’ efforts.