
2020 Cyber Insurance & Threats — 4 Lessons Learned

If anything, 2020 has been about preparing for everything. This includes cyber threats, which have risen sharply in the pandemic era [1]. Nearly four out of five organizations surveyed have cyber insurance coverage (up from 34 percent in 2011) [2] to protect themselves from these threats. Here are four lessons learned about threats and cyber insurance in 2020, to help your organization make informed, cost-effective decisions moving forward.


Unavoidable outcome of widespread cyber insurance coverages

It’s unavoidable: as more organizations add cyber insurance coverage, cybercriminals are going to take an interest and look for ways to take advantage. Cybercriminals may assume that, if a company they attack is insured, the claim will get paid. Investigators are even seeing scenarios where criminals compromise companies, obtain their insurance coverage information as part of their reconnaissance, and then align their ransomware terms to the policy details so that their demands result in the victim organizations being reimbursed. Criminals reason that this increases the probability of payment, since the victim knows the insurer will ultimately pay for the ransom.

It is up to the client, not the carrier, to ultimately decide if they will pay the ransom. Brian Thornton, CEO of ProWriters, shared that they “have seen a recent reduction in ransom payments — possibly due to companies having better segmentation and backups and not needing to pay the ransom to restore operations. Also, as more cyber criminals are being added to the OFAC list, that would not allow a company or insurer to pay a ransom.”

The goal is to protect all data in your environment, but it is important to put extra emphasis on protecting your cyber insurance policy information.

Learn more about ransomware attacks in our whitepaper: Stop the Spread of Ransomware

Beating ransomware to the “tipping point” helps keep risk (and ideally premiums) manageable

Of course, organizations have layered security controls, but cyber insurance equations focus on what happens when these are inevitably defeated or bypassed. How would you spot an intrusion and regain the upper hand against laterally moving malware that is stealing, wiping or ransoming files? The alternative is an attacker reaching the crown jewels: the most sensitive data, and the software handling the most sensitive crossroads of access control, credentials and system administration. When the latter are compromised, incidents can rapidly cascade out of control, putting victims in the uncomfortable position of having to contemplate paying ransoms or moving forward without irreplaceable data.

No two organizations are the same, but our experience shows that domain controllers [3] are the crucial high ground to defend and hold. Your domain controller acts as the enterprise gatekeeper for security authentication requests to allow network/user account access. In our research, we’ve found that 99 percent of large-scale ransomware events spread through domain controllers. Given this, it clearly makes good business sense to invest in the continuous monitoring, penetration testing and vulnerability scanning of the domain controller environment to thwart these attacks. Such initiatives can lessen the impact of ransomware incidents, reducing risk and improving overall cyber security posture.

Learn more about domain controller compromises and the best ways to protect your environment in our whitepaper: The Domain Controller…An Achilles Heel

It’s critical to know exactly what’s covered

In two high-profile lawsuits contesting denial of coverage over the 2017 NotPetya attacks, pharmaceutical giant Merck is seeking $1.3 billion from multiple insurers and multinational food company Mondelez International claims it is owed $100 million from its providers. In both disputes, the insurance providers cite “war and terrorism” exclusions [4] to deny the claims under their property policy. Brian emphasizes knowing exactly what is covered and what is not under a policy, “should a company like this have a stand-alone cyber tower, this type of event should be able to be covered, which also places an importance on the brokers and carriers that you work with”.

Fortunately, we’re seeing insurers more often opting to pay out instead of denying claims. But there are plenty of gray areas. For example, if a state actor launches a hack or if an incident appears that way, does that purported linkage constitute an “act of war?”

Enterprise security and risk leaders must completely understand where threats are likely to come from, and make sure the ensuing potential losses are included in policies. Thoroughly understanding cybersecurity coverage and having policies to cover different scenarios is critical to ensure exclusions don’t preclude an event from being covered.

Enlisting a cyber security partner is an overlooked step that is crucial for helping companies both buy the right coverage and provide the fact base for claims

The only certainty about cyber threats is uncertainty. As cyber attacks continue to evolve, cyber insurance makes changes to keep up. It is important to know what is covered in your policy to ensure it covers all of your potential risks.

About Pondurance

Pondurance delivers world-class managed detection and response services to industries facing today’s most pressing and dynamic cyber security challenges including ransomware, complex compliance requirements and digital transformation accelerated by a distributed workforce.

By combining our advanced platform with our experienced team of analysts we continuously hunt, investigate, validate and contain threats so your own team can focus on what matters most.

Pondurance experts include seasoned security operations analysts, digital forensics and incident response professionals and compliance and security strategists who provide always-on services to customers seeking broader visibility, faster response and containment and more unified risk management for their organizations.

Visit www.pondurance.com for more information.

 

Sources:

1. Voice of America, UN Warns Cybercrime on Rise During Pandemic, May 2020.

2. Advisen, 10th Annual Information Security and Cyber Risk Management Survey, 2020.

3. NIST, Computer Security Resource Center.

4. Insurance Business America, Why war exclusions need to evolve for cyber insurance to be effective, Dec 2020.

5. Cyentia Institute, IRIS 20/20 Information Risk Insights Study Xtreme, 2020.

6. FireEye, M-Trends 2020: Insights From the Front Lines, Feb 2020.