With cyberattacks continuing to grow in prevalence, impact and sophistication, Graham Company held a webinar last month titled “Cyber Attack and How to Fight Back”. The goal was to provide our clients and leaders across various industries with updates on the ever-changing cyber landscape and best practices to implement into their business strategy. Let’s dive into a few of the panelists and the topics they discussed.
Cyber Insurance Marketplace Update
Margaux Weinraub, Cyber Practice Leader at Graham Company, began with an overview of the current cyber insurance marketplace and the increased underwriting scrutiny organizations must anticipate to find coverage. The cost of cyber insurance increased to 25.5% in the second quarter of 2021, while other lines had moderate increases compared to previous quarters¹. The primary reasons are a rise in ransomware attacks, lackluster risk management protocols, and a lack of employee training.
In addition to the standard application process, carriers are also using external scans, additional questionnaires, and calls with an organization's IT leadership to learn more about its cybersecurity environment. Furthermore, carriers are limiting aggregate coverage capacity to $5 million and expecting organizations to share the risk exposure by increasing self-insured retentions and adding coinsurance in the event of an incident.
Margaux further noted that when a company assesses its insurance needs, it should look beyond its internal infrastructure, meaning the posture and strength of its internal technology. It also needs to account for the inherent risk of its industry and for external threats, such as the tools and techniques that cyber threat actors (a person or group that takes malicious or hostile actions using computers, devices, systems, or networks) have that could compromise the organization.
2020 Threats and Threat Actors
Carolyn Purwin Ryan, Partner at Mullen Coughlin, shared staggering statistics surrounding recent ransomware threats that Mullen Coughlin clients have had to deal with. As of August 2021, the average ransomware demand was $1,975,188.29, with a typical payment averaging $477,348.26, paid through cryptocurrency. While negotiations often help to reduce the payout, there is still a significant amount of money involved in these attacks, including forensic investigation, legal fees, and data restoration expenses. And it’s important to realize that recent news stories about ransomware payments being recovered are the exception, not the norm.
She also shared with us the breakdown of ransomware-specific incidents by industry. As you can see, no industry is free of this threat – making it critical for every business to have a cyber risk plan in place.
[Figure: breakdown of ransomware-specific incidents by industry. Source: Mullen Coughlin, LLC]
Preparing for an Attack
Perhaps just as important, the full recovery process from a ransomware attack usually takes about 10 days before a business is officially “back online”, creating additional loss of time, money, and resources. To avoid these long delays in production, we recommend allocating between 6% and 10% of your IT spend to cybersecurity. The most basic security measure that all businesses should have is multi-factor authentication (MFA), or additional sign-in requests for company servers. MFA is easy to implement and helps to remedy all the top threats, both established and emerging.
We also heard from Graham’s Chief Technology Officer, Mike McIntire, who outlined how businesses can best conduct employee training, with people now on the front lines of cyberattacks. Instead of relying on the traditional annual training method, he recommended injecting day-to-day training, such as sending phishing emails to employees on a regular basis. If an employee clicks on the link, they instantly receive training that explains what key signs they should have looked for. This allows the company to bring all employees up to speed on best practices in a positive way.
While there were more topics covered in our webinar, what it boils down to is that business leaders need to be constantly evaluating whether they are doing what is necessary to protect their company, employees, data, and operations from any and all persistent threats. If you’re not sure about the answer, we’re here to help evaluate your unique risk and exposures and provide recommendations to suit your needs.
¹ CIAB Q2 P&C Market Survey 2021