(844) 627-8267
(844) 627-8267

Part of the problem? Cyber insurance and ransomware | #ransomware | #cybercrime

Is insurance adding to the ransomware risk? That was one of the questions posed to the panel on the first day of the Cyber Risk and Insurance Innovation USA conference, hosted by Intelligent Insurer today and tomorrow (May 29-30, 2024) in Chicago.

The panel looked at ransomware’s impact on cyber insurance strategies and brought together a range of experts: 

• Marissa Olsen, senior vice president and global head of cyber liability claims at Aspen Insurance Group;

• Richard Gatz, vice president and head of cyber claims, Arch; and

• Keith Tagliaferri, director, cyber claim practices, The Hartford.

As the panel discussed, a surge in ransomware attacks has been pushing up premiums,  but it also raised a critical question for insurers. As panel moderator, Stephanie Snyder Frenier, senior vice president and business development leader for professional and cyber solutions at CAC Specialty, said, it had to be asked: “Does cyber insurance perpetuate the cycle of ransomware attacks given that companies may seek indemnification from carriers?” 

For his part, Tagliaferri was doubtful: “Cyber criminals are opportunistic,” he pointed out. “They are launching a lot of these attacks without any idea as to whether or not any of the victim organisations have any sort of cyber insurance.”

While cases where criminals are seeking the insurance payout are widely reported, the majority that don’t are ignored. 

“What’s not reported are the hundreds and hundreds of cyber attacks in which cyber insurance policies had nothing to do with the attacks,” he said.

Olsen pointed out that, even in the absence of coverage, criminals are still likely to assume big companies will pay up. “They’re assuming that either you have insurance or you have enough money behind you,” she said. That’s particularly so, when criminals are targeting Fortune 500 and other big companies. “Either you’ve got the insurance or so many billions of dollars behind you that it doesn’t matter.”

Even if there was a causal connection, it was difficult to know what could be done about it. As Gatz pointed out, ending insurance wouldn’t simply stop the ransomware attacks. “If you were to take cyber insurance out of the equation you still have ransomware,” he said. “People are still going to be getting attacked. Are they going to be getting as much money? No, but I don’t think that would stop the ransomware epidemic. I do know that it would cost a heck of a lot of pain for a lot of organisations and cyber insurance carriers.”

Did you get value from this story?  Sign up to our free daily newsletters and get stories like this sent straight to your inbox.

Source link


National Cyber Security