Q3 Cyber Threat Report: The Ransomware Ecosystem is Increasingly Distributed
Ransomware attacks remained high in Q3 2024, with groups targeting sectors like Construction and Healthcare, often exploiting weak VPN credentials.
Within the context of more traditional lines, cyber is a fresh face still looking for its place in the market. In a short span of time, it's been through many iterations — an easy add-on, a profitable afterthought, and, to some, a tech-heavy nuisance. But serious losses for carriers and headline-worthy ransomware attacks have ushered in a new era for cybersecurity risk management. Now, cyber insurance is getting the main character treatment.
As cyber threats enter (and stay in) the spotlight, the digital revolution of insurance plays an integral supporting role behind the scenes. We spoke to a panel of brokers, including Lainee Beigel, Executive Risk and Cyber Broker at EPIC and Armand Vilches, Managing Director at RLA Insurance Intermediaries, to hear how they have been getting through the hard market, adapting to digital enablement, and preparing their clients for the future of cyber insurance.
No matter how you slice it, cyber insurance is two things: relatively new, and relatively confusing. Brokers are vital to making it all make sense for their clients. No pressure or anything.
When it comes to threats such as ransomware, cyber extortion, data breaches, and phishing attacks — risks that feel far more conceptual than a tornado striking tornado alley, for example — how can clients determine the level of coverage they need to be truly protected? Brokers highlight the growing popularity of digital tools that use machine learning, data, and expert input to understand an organization’s potential exposure.
Clients want objective answers to pressing questions. Just by knowing an organization's industry class and revenue (provided in their application), brokers can return with an answer and recommend coverage by using data-driven ransomware cost calculators. As we continue to face evolving threats, expect that tech-forward insurers will find new ways to make obtaining cyber insurance easier, and use similar tools to reduce cyber risk during policy periods.
Carriers, especially those actively working on cyber risk mitigation throughout the policy period, offer resources to clients beyond straightforward insurance. When you think about it, insurers and policyholders are both happier (and a lot less stressed) if they can avoid a claim — so why not do everything in their joint collective power to prevent it?
“If we can show our clients that we’re placing them with a carrier that has the resources to help them, it accounts for so much in our relationships,” says Lainee Beigel, an Executive Risk and Cyber Broker at EPIC. She highlights the growing trend of tools like our Policyholder Dashboard as an asset, where insureds can locate cyber claims information, download their policies, and receive actionable cybersecurity advice. “That is all so useful to our clients, and makes us look good as well,” she adds.
Whether you’re working in retail or wholesale, there’s a certain level of faith your clients have in you to be familiar with the ins and outs of cyber. But staying up to date with a constantly evolving threat landscape can be a full-time job on its own, on top of the pressing demands of renewals, new clients, and other administrative tasks. Carriers — with experts that live and breathe cybersecurity — can help shoulder that weight. Updated resources with access to cyber terminology, guides to common security controls, and explainer videos can help a broker educate less experienced clients, and take the guesswork out of completing applications.
“A lot of information isn’t available to insureds until they’re policyholders,” explains Armand Vilches, Manager Director at RLA Insurance Intermediaries. “We need that information at the beginning of the process, not the end. Cyber is a third of my book, but it takes up 45% of my time. Send anything that could make it easier for us.”
In a hard market, relationships are crucial. Brokers are the ones who (now more than ever) are stuck relaying bad news to their clients. As the cyber market continues to develop, and carriers expect more from their policyholders, brokers are tasked with explaining how certain controls — like multi-factor authentication, endpoint detection response, and proper backup solutions — impact the cyber underwriting process. Having these conversations with someone they know and trust can make a world of difference.
If relationships with your clients can make the news about unfavorable prices and premiums less painful to deliver, what can you expect from relationships with your carriers? It might just get a not-so-favorable application looked at.
“An ugly submission comes in, but I know I can partner with carriers like Corvus, so they'll dedicate the time to working through these tougher submissions,” says Vilches.
When the pandemic forced us to stay home, we pumped the brakes on the traditional approach to maintaining relationships, like meeting with each other in person. Aside from Zoom, many brokers found a new way to stay connected and provide support during a hard market: LinkedIn.
“I found it helps me build my own presence, as well as EPIC’s presence,” says Beigel. “ I want my clients to be happy that they have a broker that’s knowledgeable in the insurance that they’re placing.”
Not only is it a great tool for staying connected, it can be a place for brokers to share relevant content that serves to educate current and prospective clients. With constant updates to market conditions, having an arsenal of cyber-pro connections on LinkedIn can keep you current. Your carrier partners may even be a good place to start (wink, wink).
So, what does the future have in store for us? Hard to guarantee, but we can make some educated guesses.
Even as the hard market eases up, there’s a lot less wiggle room for organizations without the proper controls in place. On top of that, applications need to be completely and accurately filled out before they’re submitted. Gone are the days where you could go back, fix a mistake, and get coverage fast.
There may be an adjustment period as clients acclimate to new techniques carriers use to address cyber risk. For example, at Corvus, we use non-invasive scanning technology to view a company’s IT infrastructure in the application process. Upon hearing this, some clients are hesitant about having us “looking in their systems.” As brokers, it falls on you to explain how the technology works (emphasize that we’re only seeing what is visible to the world at all times) and explain how these tools work to reduce security risks for their organization in the long run.
We’re a tech-driven society, and that’s only becoming more apparent. Which means we’re going to be tasked with finding new ways to protect sensitive data, especially in the wake of newsworthy security breaches. We may see more exclusionary language when it comes to what kind of data organizations possess, and how they’re securing it.
No matter what the future holds for the cyber insurance market, there will always be a need for a broker’s human touch. How do we balance that with growing digital demands? Only time will tell.
This blog post and its contents are intended for general guidance and informational purposes only. This blog post is under no circumstances intended to be used or considered as specific insurance or information security advice.