Insurance Industry Races to Stay Ahead of Cyber Threat Actors

By Jennifer Wilson | October 31, 2024

The COVID-19 pandemic brought on significant change to the cyber insurance industry that spans all disciplines. We experienced the widespread remote work environment, which introduced an onslaught of ransomware claims by threat actor groups as they recognized the opportunity to exploit. This put us on our heels, and we’ve been in a continual chase ever since.

The impact of the ransomware epidemic hit the insurance industry first. The cyber policies weren’t properly rated to sustain the frequency and severity of this type of attack. It has become abundantly clear that network security controls should have been a critical consideration to effectively underwrite these emerging risks.

Jennifer Wilson

Overnight, insurers had to become experts in cybersecurity and implement new control requirements on their insureds, beginning by requiring authentication tools to help reduce the frequency of attacks. But the attacks continued as hackers encrypted their victims’ files, forcing them to pay a ransom in exchange for the decryption key.

The industry fought back by implementing backups so businesses could resume operations with limited downtime and without paying the ransom. This gave the hackers pause—for only a minute. Hackers realized that the files they locked up held critical data that could be leveraged in other ways. Rather than encrypting, they threatened to leak the information they found. In response, the targets started paying the ransom demands at high rates again.

With every counter from the insurance industry or the targets, the threat actors would pivot to develop and deploy a new angle. Following each pivot, the industry would adjust, continuing the cycle as the insurers looked for more reliable tools to monitor, identify, and respond to potential threats. In fact, according to our claims data, ransomware still remains the largest payout to date.

Some organizations are making the decision not to pay ransom demands. Less than half of the ransomware claims that Newfront has managed resulted in an extortion payment. Source: Newfront

While ransomware grabbed the headlines, this was not the only threat insurers were combating. Social engineering and wire fraud were increasing in large numbers as well. We quickly learned to identify the telltale signs hidden in the poor grammar of the emails. But the hackers pivoted, using advances in technology to improve their email cadence to victimize businesses again.

The insurers countered by imposing the call back method to authenticate the wire transfer instruction. This involved the recipient verifying the instructions by calling the sender via the number in their contacts, rather than the email. This worked for some, but the advances in technology prevailed and the hackers discovered deepfakes, which seemed to invalidate the call back. Why bother with the call back when the target is looking at his CFO on a video call and hearing his voice instructing him to wire $25M ASAP? So the chase goes on.

According to the NetDiligence 2024 Cyber Claims Report, the average cost of business interruptions has reached nearly $500,000. Considering cyber-attacks have increased in scope and scale, state and federal agencies have gotten involved. These efforts were driven by an interest to protect the victims, understand and help mitigate the overall risk, and inform investors of target attacks.

Following the pandemic, the industry has seen the emergence of multiple new laws at the state and federal levels, leaving insurers and businesses once again scrambling to keep up.

The evolution of the risks and the potential for widespread impact has expanded the level of expertise required to stay competitive in the cyber insurance brokerage space. It is important that we become well versed in network security, and that we stay on top of the relevant laws related to cyber disclosure and reporting. Being an expert in cyber insurance is not enough; we’re pushed to become de facto lawyers and engineers, which is what makes this industry so challenging and rewarding at the same time.

While the good guys are still slightly behind in the race, we are hopeful that advances in technology coupled with federal regulation will help push us forward. Our goal is that in the near future we will stay several steps ahead of the threat actors so we can focus on prevention, rather than just detection.

Wilson is the cyber practice leader at Newfront. She has more than 25 years of experience in the industry, primarily in specialty coverage, claims and risk management. Wilson also sits on the NetDiligence Cyber Claims Advisory Board.

Was this article valuable?

Here are more articles you may enjoy.