Ransomware continues to dominate the cyber insurance discussion according to broker Aon, with total ransomware incidents up 135% last year and carriers steadily fielding more claims emanating from these attacks.
Ransomware infections also continued to affect all industries, although sectors like healthcare, public administration, and education experienced the most reported incidents.
But manufacturing, oil and gas, and utilities may also fall victim to ransomware attacks, which could result in significant interruption to their core business operations.
In addition to rising frequency, ransomware attacks are also becoming more severe, both in terms of downtime and ransom demands.
According to Coveware, the average ransom doubled in the fourth quarter of 2019 from $41,198 to $84,116, with at least one firm reporting losses approaching $100 million when accounting for business interruption, incident response costs, and other associated expenses.
Average downtimes vary from 6 days to well over two weeks depending on the report.
“Companies large and small continue to be impacted by ransomware, regardless of their industry,” Aon stated in a recent report. “Regardless of threat actors’ specific attack strategies, the clear majority of initial compromises occur either by phishing or by exploiting weak authentication (RDP) or other known vulnerabilities.”
“Cyber insurers should be vigilant in encouraging robust anti-phishing capabilities as well as helping insureds identify internet-exposed misconfigurations and vulnerabilities,” it added.
Although ransomware attacks against high-profile victims have garnered the most headlines, Aon has observed an increase in attacks against single points of failure that could lead to potential claims aggregation for insurers.
For example, the recent REvil ransomware variant infected several managed service providers (MSPs), some of which boasted over 1,000 clients, including Fortune 1000 companies.
According to ZDNet, multiple MSP customers utilizing CyrusOne’s New York-based data centers were impacted by the ransomware infection, while ransomware variant Snatch infected web-hosting provider SmarterASP, impacting an unknown portion of its customers.
“Ransomware threat actors are targeting these single points of failure presumably to maximize their ransom demands,” Aon noted.
“Although attacks on cloud providers have been infrequent, a successful attack on a top five cloud provider could be a major insurance aggregation event.”