It looks like the insurance industry is getting into the cyber security sector, but instead of protecting an organization or individual from getting hacked; they will be providing specialized insurance policies to help pay off the ransom and get your data back quicker.
According to CDN Top 100 Solution Provider Herjavec Group, ransomware will cost organizations a combined $1 billion in damages and related expenses annually.
Before WannaCry cyber insurance policies accounted for just 10 per cent of all new insurance policies, but it’s expected to grow to 25 per cent, according to one insurance company CFC Underwriting of London, U.K., who has been offering a line of cyber insurance products since 2015. CFC even has a cyber practice leader in Vicky Paxton. When CFC introduced a new ransomware policy specific for healthcare providers in the U.S., Paxton said:
“Healthcare companies have arguably become the largest target of hackers due to the vast amounts of highly sensitive data that they work with and store. To make matters more complicated, there is rigorous legislation surrounding the protection of this patient data, opening companies up to regulatory fines and investigations if they suffer a breach.”
New research from security vendor Symantec Corp. saw ransomware attempts surging by 36 per cent from 2015 to 2016. Symantec also reported that the average ransom jumped 266 per cent from a low of $294 to $1,077.
In a blog post, Symantec provided information on what WannaCry hackers were asking for in exchange for releasing data safely. Symantec saw hackers asking for US$300 in ransom to be paid in bitcoins. That ransom demand was then doubled after three days and if no payment arrived after seven days, those encrypted files would be erased.
One company that is not getting into the cyber insurance game is Cisco Systems. However, Cisco is closely monitoring ransomware insurance.
Cisco’s security chief David Justice told CDN the networking giant is spending a lot of time studying ransomware insurance.
“It’s an interesting topic and if you look at the traditional insurance community with brokers and underwriters who do they assess the situation,” Justice said.
What Cisco is interested in finding out is what the baseline security is for the premium and deductible being offered by the insurance companies. Justice does not want another subprime mortgage scenario happening with ransomware.
Justice admitted that this is a complicated issue and that Cisco is engaged with many stakeholders in the industry. Justice added that he believes the insurance industry can make things better when it comes to security.
“But, specific to ransomware how would you quantify brand damage for a retailer who had their credit cards stolen,” he said.
One of the features in the CFC cyber policy is that it has corrective action plans for covering bodily harm because of a cyber-attack. CFC is working on other types of cyber insurance for vertical markets.
Currently there are only early entrants in the cyber insurance sector, but Justice believes more will crop up next year.
One thing is for certain, Cisco will not enter the insurance business, Justice said. “I see it as a way to help solve the problem; similar to when you buy a home, you get an alarm, you get a security camera, but you still buy house insurance. We have to figure out what’s the equation for the tech world. It will take a collective group of companies to make this happen,” he said.
In April of this year, Travelers Companies, Inc., the second largest insurer of commercial properties in the U.S., announced it would be partnering with Symantec to develop pre-breach cybersecurity services. Symantec would be providing Travelers with cyber resilience readiness assessment tools along with cyber-security awareness training videos and a security coach helpline.
Just like CFC, Travelers is also offering cyber-insurance policies. With Symantec on-board customers can gain access to a one-hour consultation following the cyber resilience readiness assessment to help identify areas of weakness, cyber-security awareness training videos for educating their organization and a Symantec security coach helpline that can address questions about emerging cyber risks and security gaps.
There is a reselling opportunity through this collaboration. Travelers policyholders also can take advantage of discounts on Symantec products, such as Norton Small Business software.