Ransomware tops the list of cyber insurance claims received by the insurance giant AIG last year.
According to the cyber claim insurance statistics published by AIG for the year 2017, more than a quarter of all cybercrime-related insurance claims received by the company were the result of ransomware attacks.
The AIG cyber claim insurance statistics report says: “As had been predicted early last year by AIG’s cyber experts, 2017 was a year of widespread ransomware attacks and cyber business interruption. AIG’s claims statistics show that over a quarter of cyber claims (26%) received in 2017 had ransomware as the primary cause of loss. This is a significant leap from 16% of claims in the years 2013-2016.”
According to the AIG statistics, the WannaCry attack, which impacted hundreds of thousands of computers in over 150 countries, affected companies in different sectors: financial services, healthcare, logistics, education and manufacturing. The NotPetya strike also had its impact.
AIG quotes Mark Camillo, its head of cyber for EMEA, who says: “The combination of leaked National Security Agency (NSA) tools plus state-sponsored capabilities triggered a systemic event. The WannaCry outbreak, which hit hundreds of thousands of machines around the world, could have been worse in terms of scale and insured losses if a UK researcher hadn’t quickly found and activated the kill switch.”
The other main breach types that led to insurance claims were data breaches, other security failure/unauthorized access and impersonation fraud. The proportion of claims that were caused by employee negligence dropped marginally to 7 percent in 2017, but the fact remains that human error is a significant factor in the majority of cyber insurance claims.
2017 also witnessed an increase in claims frequency, with AIG’s specialist cyber claims staff handling, on average, one claim per working day. The insurance company feels that this increase reflects a broader trend of cyber loss escalation.
The AIG report also points out that ransomware became increasingly commoditised in 2017 and that there is no longer any guarantee that companies will get their data back even if they pay hackers the ransom they demand.
The report says: “Over the past 24 months ransomware has become increasingly commoditised with the creators of more recent variants offering revenue-sharing agreements to “affiliate partners”. There is no longer a guarantee that insureds will get their data back, even if they pay the ransom. The “professionalism” associated with earlier strains of ransomware – where call centres were provided to talk victims through accessing Bitcoins in order to pay the ransom and get their data restored – has now all but gone…However, Ransomware-as-a-Service still poses a threat to organisations. Companies may not think their data is important or likely to be compromised, but the claims experience in 2017 demonstrated that ransomware attacks are largely indiscriminate and can impact organisations from all sectors and of all sizes. AIG anticipates that the automation and commoditisation of ransomware will continue to be a trend with businesses and individuals facing an increasing number of attackers.”
The AIG cyber claim insurance statistics also point to an expected shift in emphasis towards cryptojacking, with cybercriminals showing an increased interest in taking over networks and using them for cryptocurrency mining. The report also addresses how extortion by cybercriminals is expected to change in the times to come. The report says: “Looking ahead, the more traditional forms of extortion are expected to become an issue in data breaches and become more targeted. This is currently a trend in the US market but has also resulted in losses for European companies, particularly those with a US presence. The EU General Data Protection Regulations (GDPR) is likely to become another tool for negotiation by extortionists, who will threaten to compromise an organisation’s data unless a payment is received, knowing that the consequences will be more significant under the new regime.”
AIG also discusses network interruption as a source of loss for many companies; it says: “The claims statistics show that disruption to business (described as ‘network interruption’ in describing cyber business interruption) as a primary source of loss was down year-on-year compared to 2013-2016, despite evidence that business interruption was a significant issue for many European organisations in 2017. While network interruption loss was one of multiple causes of loss for a significant number of claims, it was not always cited as the primary cause and – as a result – is underrepresented in the claims statistics.”
In 2017, AIG saw as many claim notifications as in the previous four years combined. The sectors that top the list for cyber claims are the professional services sector, the financial services sector and the retail industry. Notably, cyber incidents are now spreading more broadly across a wide range of sectors, and no industry is immune to cyber strikes.
Coming back to ransomware attacks, AIG concludes that “… the systemic nature of ransomware attacks witnessed in 2017 is just the tip of the iceberg and that this will become even more of a challenge in the future.”