As Ransomware Threats Climb Again, Businesses Need Peace of Mind
Cyber insurance is a risk management tool that helps businesses navigate increasingly turbulent waters.
Chris McMurray
Managing Director for Cyber, Travelers Europe
Cyber threats continue to keep business leaders on their toes. While the frequency of ransomware attacks dropped in 2022 amid broad efforts to improve cyber protection and preparedness, the severity of these attacks is now on the rise. British cybersecurity firm Sophos found that ransomware payments have nearly doubled over the past year. In that time, ransomware groups have also become more aggressive in their threats to publish sensitive stolen information. This uptick in criminal activity related to ransomware has led to an increase in claim notifications.
“A business can face steep financial losses and hits to productivity, sensitive information and reputation,” said Chris McMurray, managing director for cyber at Travelers Europe. “Small firms are as much in the crosshairs of threat actors as large firms.”
Fortunately, cyber insurance can provide valuable protection against these threats.
Making sense of a young market
The cyber insurance market is young in comparison to the market for other insurance products and insurers are following its trajectory as it matures. Three or four years ago, many insurers began vying for a share of it. But as ransomware attacks took off and impacted claims, insurers required clients to take action to make themselves better risks.
Amid the price increases that happened during this process, some clients found cyber insurance cost-prohibitive and questioned the need for it. They had taken actions to make themselves better risks, and around the same timeframe, ransomware threats had become quieter. So why buy cyber insurance?
But the problem is that cyber risks continue to shift. In the past 12-18 months, ransomware attacks eased in frequency. Now, the severity of these threats is making them a significant risk again. As businesses experience these cycles where certain cyber risks are more prevalent than they were before, they must adapt accordingly.
“Cyber insurance gives clients immediate post-breach support to get through a difficult time. That can be especially valuable to small- to medium-size enterprises that may lack the IT infrastructure or on-staff expertise needed to manage it. Even for larger firms with strong internal support, the minutes and hours after a cyber breach can be frantic.”
The problem can drag on for months thereafter. It’s a great comfort to be able to consult experts in the moment who can help the business get back on track as quickly as possible.
Making clients better risks
Travelers aims to help clients of all sizes become better risks — to identify their vulnerabilities so they can enhance their protection. For larger clients, the Risk Control team can assess the existing cyber infrastructure, then offer advice to improve upon it. For smaller businesses, they can provide an inside-out scan of their website and assess patching, open ports, and web certificates.
“Businesses have different risks and we take time to understand them, then offer guidance,” McMurray said. “We’re not only there for insureds when something goes wrong, but also to help them be better risks from the start.”