What We Do
How we do it
Resources
SECURITY ADVISORIES
Sep 23, 2021
SolarMarker Malware Activity
THE THREAT eSentire has observed a recent and significant increase in SolarMarker infections delivered through drive-by download attacks. These attacks rely on social engineering techniques to persuade users to execute malware disguised as document templates. SolarMarker is a modular information-stealing malware; infections may result in the theft of sensitive data including user credentials.…
Read More
View all Advisories →
Company
ABOUT eSENTIRE
About Us
eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 1000+ organizations in 70+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events.
Read about how we got here
Leadership Work at eSentire
LATEST PRESS RELEASE
Aug 25, 2021
eSentire named a Leader in IDC MarketScape for U.S. Managed Detection and Response Services
August 26, 2021 – Waterloo, ON -  eSentire, recognized globally as the Authority in Managed Detection and Response (MDR), announced today that it has been named a Leader in the IDC MarketScape: U.S. Managed Detection and Response Services 2021 Vendor Assessment (doc #US48129921, August 2021). IDC defines the core services an MDR must provide as follows: reduced time for onboarding, 24/7…
Read More
Partners
PARTNER PROGRAM
Partners
Our award-winning partner program offers financial rewards, sales and marketing tools and personalized training. Accelerate your business and grow your revenue by offering our world-class Managed Detection and Response (MDR) services.
Learn about our Partner Program
Search
Resources
Blog — Sep 14, 2021

As Ransomware Threats Rise, the Cyber Insurance Market is Shifting Gears

Ransomware attacks, and the sophisticated threat actors and groups behind them, have evolved considerably over the past few years, from opportunistic and transactional attacks, to the threat landscape we see today, dominated by debilitating, targeted ransomware campaigns.

In response, many organizations obtain cyber insurance coverage from their insurance providers to offset the rising costs of a damaging ransomware attack, including ransom and extortion payments, system recovery costs, investigation costs, customer notifications and credit protection, public communications services, and other legal costs.

According to a report published by Howden, an insurance provider, the gross written premiums for the global cyber insurance market could reach $20 billion USD by 2025, up from under $5 billion USD in 2016.

However, the cyber insurance market is still relatively new, so many providers have limited understanding of how much risk exposure organizations have to cyber attacks. Lacking well understood actuarial data and resulting risk quotients for cyber risks and the ever changing costs resulting from cyberattacks, underwriters struggle to understand the financial risk associated with a specific policy, and policy fees, coverage and requirements vary greatly.

Heavier restrictions may be on the horizon

Most affirmative cyber insurance policies (i.e. standalone policies strictly underwritten for cyber risk) provide protection to organizations against six types of security incidents: data breaches, network security liability, cyber extortion, technology disruption, cyber theft & fraud, and communication & media liability.

To reduce their own risk exposure, cyber insurers have not only begun to offer more restrictive policy terms and coverage limits, but also increased premiums for midsize and large companies by upwards of 20%.

Many reports claim that the sharp demand for cyber insurance has further emboldened cyber criminals to launch more cyber attacks. Since insured organizations can receive a payout to recover their costs, they may be more likely to give in to the adversaries’ demands. There may be some merit to this belief; Joseph Blount, CEO of Colonial Pipeline, publicly stated that the company had filed a claim with their cyber insurance provider for the $4.4 million ransom it paid.

Cyber criminals are also taking note of the global demand for cyber insurance. It's likely that many threat actors are targeting organizations with good cyber insurance coverage. DarkSide, the group responsible for the Colonial Pipeline attack, allegedly does reconnaissance on cyber insurance coverage when hunting for potential targets.

In response, cyber insurance providers have begun to implement heavier restrictions in how companies can use their payouts. AXA, a major insurance carrier in Europe, will no longer cover ransom payments as part of any cyber insurance policies underwritten in France. It’s interesting to note, that within weeks of this public statement, one of their subsidiaries was shut down in a ransomware attack attributed to Avaddon, a well-known ransomware group.

Cyber risk management is key for favorable cyber insurance pricing

In addition to restrictive coverage and rising premiums, many cyber insurance underwriters are expecting organizations to provide detailed plans of how they are managing cyber risk.

The lack of strong cyber risk management protocols can send a signal to providers that the organization is not only over-exposed to a cyber attack, but is also unwilling to take the required precautions to prevent one from occurring, making it a ripe target for cyber criminals in the future.

Therefore, organizations need to prove the specific measures they're taking to prevent cyber attacks, such as enabling multi-factor authentication (MFA), roles-based access rules, etc.

Some cyber insurance providers are actively taking steps to ensure that their policyholders are aware of where they stand with regards to cyber risk. In May 2021, Liberty Mutual Insurance announced a strategic partnership with SecurityScorecard to help policyholders receive a rating score with a detailed analysis of their cyber risk management practices.

What does this mean for your business?

We have already seen the crippling effects of ransomware attacks on industry giants, such as Colonial Pipeline, SolarWinds, and more. The fact of the matter is that even if businesses are able to recover their data and restore faith in their business operations, the effects of ransomware can linger for years to come.

The best way your organization can combat a ransomware attack is by focusing on threat prevention and detection first. To effectively manage cyber risk, we recommend that businesses should:

The message from cyber insurance providers to organizations is clear: your ability to manage cyber risk will play a significant role in the premium you pay and the coverage you receive. Those that are well-prepared for ransomware attacks will likely be in a more favorable position to receive better coverage and premiums than those who adopt a laissez-faire approach.

So, as a cybersecurity leader, ask yourself: what kind of an organization do you want yours to be?

To learn more about how Managed Detection & Response can help your organization detect and contain threats before they become business-disrupting events, book a meeting with an eSentire security specialist.


eSentire
eSentire

eSentire is the Authority in Managed Detection and Response, protecting the critical data and applications of 1000+ organizations in 70+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events. Combining cutting-edge machine learning XDR technology, 24/7 Threat Hunting, and proven security operations leadership, eSentire mitigates business risk, and enables security at scale. The Team eSentire difference means enterprises are protected by the best in the business with a named Cyber Risk Advisor, 24/7 access to SOC Cyber Analysts & Elite Threat Hunters, and industry-leading threat intelligence research from eSentire’s Threat Response Unit (TRU). eSentire provides Managed Risk, Managed Detection and Response and Incident Response services. For more information, visit www.esentire.com and follow @eSentire.