(Reuters) – US insurers are increasing cybersecurity rates by up to 25% and trying to reduce exposure to vulnerable customers after a wave of costly complaints, industry sources said.
PHOTO: A sign for the hacked Baltimore city computer system is attached to a door near Baltimore City Hall in Baltimore, Maryland, USA, on May 10, 2019. REUTERS / Stephanie Keith / File Photo
The changes follow a challenging year of hackers using malicious programs, known as ransomware, to bring down systems that control everything from hospital billing to manufacturing. They stop only after receiving increasingly heavy payments.
The attacks occurred less frequently in 2019, but the problem remains significant, cybersecurity experts said.
"Ransomware is more sophisticated and dangerous than we've seen in the past," said Adam Kujawa, director of Malwarebytes Labs.
There were 6% fewer ransomware incidents in 2019 compared to the previous year, according to Malwarebytes. However, attacks are now designed to spur deeper and longer-lasting technological problems, with hackers demanding larger amounts.
The average redemption of $ 41,198 during the third quarter of 2019 more than tripled over the first quarter, according to Coveware, which helps to negotiate and facilitate payments.
Rescues are becoming disproportionate to the size of the targets, said Kelly Castriotta, Allianz SE (ALVG.DE) Head of North American product development for financial lines. Hackers often pursue midsize companies and other organizations that are less adept at technology, but also have less revenue to cover large ransoms.
"You expect a demand for ransomware that can pay," said Castriotta.
The US tax increases the broader global ransomware problems of which no company is immune.
Ransomware recently hurt the foreign exchange firm Travelex Ltd [TRVLXP.UL] systems for weeks, leaving the team to serve customers with pens and paper. The hackers demanded $ 6 million, the BBC reported. Travelex declined to comment.
Another attack in December paralyzed the Albany County Airport Authority's administrative computers. He had to pay $ 98,705.96 in Bitcoin to unlock the system, a spokesman told Reuters. Its insurer, Chubb Ltd (CB.BN), covered the ransom, he said. Chubb declined to comment.
Cyber insurance premiums started to rise from 5% to 25% at the end of last year, said Robert Parisi, US cyber products leader at Marsh & McLennan Companies Inc (MMC.N)
He called the increases "dramatic", but said insurers have not reduced coverage.
Cyber policies generally cover not just rescue, but data recovery, legal responsibilities and negotiators fluent in the hackers' native languages. Some insurers are considering changes, given the rising costs.
Allianz is looking at price adjustments and whether ransomware should be a product separate from general cyber coverage, said Castriotta.
Zurich Insurance Group AG (ZURN.S) is more likely to subscribe to companies that have added network capabilities to prevent attacks from spreading across systems, said its risk manager, Peter Giger.
Sompo International (8630.T) is reviewing the criteria for companies most vulnerable to ransomware, said Brad Gow, a global leader in cyber products.
Insurers, including Sompo, can also reduce the amounts they pay for ransomware attacks against higher-risk companies or switch to coinsurance, where policyholders would pay 20% to 30% of ransomware orders, Gow said. They may also require policyholders to have data backup procedures.
Gow compared the possible changes to the requirements for airbags or sprinkler systems.
"We can make mutual gains by helping our customers to be more protected," he said.
GRAPHIC – Global ransomware threat: on here
Suzanne Barlyn reporting; Additional reporting by Carolyn Cohn in London and Noor Zainab Hussain in Bengaluru; Editing by Lauren Tara LaCapra and Nick Zieminski