By Emma Nitzsche
Cyber insurance providers are reevaluating their standards to provide insurance as ransomware threats become more prevalent and expensive.
Earlier this week, the CEO of the Colonial Pipeline testified in front of the House Homeland Security Committee that he had utilized his cyber insurance carrier to pay the 4.4 million cryptocurrency ransom in May. The impact of the pipeline attack, mixed with increased cyberattacks in the past year, has pressured cyber insurance companies to raise the standards for cyberattack coverage.
A ransomware attack happens when a hacker breaks into a company’s computer network and takes over the system. The criminal usually leaves a digital ransom note telling the network owner that they have a limited amount of time to pay using cryptocurrency or risk losing access to their computers permanently.
When the cost of paying off the hacker is too high, companies turn to their insurance provider to help them with the payment.
The increased cost and prevalence of these attacks have insurance companies on high alert. Unlike before, insurance providers are demanding to see detailed proof of clients’ cybersecurity measures, such as multifactor authentication. Some insurance firms are running complete cybersecurity inspections before even considering taking on a company as a client.
In addition to increasing the security requirements, some insurers are beginning to restrict cyber coverage altogether. High cryptocurrency threats mean insurance companies are slashing the total amount of ransomware attack reimbursement.
In the past year, ransomware claims have increased more than 300%. In addition, blockchain research firm Chainalysis said the average ransom payment has quadrupled from about $12,000 at the end of 2019 to $54,000 at the beginning of 2021.
Now, insurance providers are pushing the cost back on the companies that hired them.
“costs of cyber insurance have spiked significantly without a doubt. We’ve personally seen some policies go up 40% to 60% in the past year,” Brian Horton, CEO of Breadcrumb Cybersecurity, told the Washington Examiner.