Cyber claims increase slightly. Cybercriminals are adapting
Marsh UK clients reported 144 cyber claims in the first quarter of 2024, nearly the same as the 143 recorded in the same period in 2023. Overall, since the first quarter of 2019, our data shows a general upward trajectory of claims.
In the first quarter of 2024, the flurry of notifications included malicious exploits of zero-day vulnerabilities, which are security software flaws that are unknown to the developers.
According to Future of Global Cyber Insurance Market report, strengthened Global Cyber Insurance Market resilience continued to pay dividends, as resurgent ransomware activity has so far not been accompanied. These attacks can affect multiple organisations across different sectors, potentially causing widespread impact.
Claims continue to rise
Ransomware incidents in the first quarter continued to be financially burdensome, more targeted, and to include supply chain incidents.
There continued to be “scattergun”-type cyberattacks and, ensuing from some of those events, business e-mail compromise incidents in which bad actors accessed inboxes to change payment data and fraudulently divert payments.
AI development continued to contribute to a heightened threat landscape, with, for example, the increased sophistication of social engineering.
With one deepfake scam recently resulting in a duped payment running into the tens of millions of pounds, we expect a rise of incidents leveraging this type of technology, according to Cyber Insurance, Ransomware & Hybrid Warfare Outlook.
Cybercriminals are adapting their methods of attack
Cybercriminals are sophisticated enough to target their attacks for maximum impact. For example, retailers tend to be targeted during annual high-trade periods, hotel groups during holidays, and listed businesses ahead of quarterly results publications.
Cybercriminals are continually adapting their methods of attack, devising new ways to commercialise what they have stolen.
However, insureds recognise the severity of the new risk environment and the need to understand and mitigate cyber risk. Meanwhile, the insurance industry has been proactive in sharing information with organisations regarding the root causes of losses and how those losses can be mitigated.
There has been a notable uptick in the adoption of cyber controls by insureds, helping them achieve a stronger security posture within a relatively short timeframe (see 5 Key Benefits of Ransomware Insurance).
Indeed, there has been a significant shift in focus regarding cyber risk over the past two years. Previously, the primary emphasis was on insureds implementing the key cybersecurity controls.
Now that many insureds have achieved a more mature security posture, underwriters are increasingly evaluating how well businesses can respond when incidents occur.
The mindset of insurers and others has shifted from if there is a cyberattack to when there is a cyberattack. Therefore, the ability of their organisation to respond to cyber events has become a crucial factor for insureds to address.
For example, an insurer may ask a manufacturer whether production can be switched from a facility that could be impacted by a cyberattack to another that might be unaffected during a cyber event.
Insurers may also want to know if an organisation holds enough stock to fulfil orders while the business is brought back online after an incident.
Answers to the more cyber-oriented questions around backups and the speed at which systems can be restored from backups will also be sought.
Given the current situation, the ostrich approach, where organisations neglect or downplay cyber risk, is no longer a viable or acceptable strategy.
………………………
FULL Report — https://beinsure.com/uk-cyber-insurance-market/
