What We Do
How we do it
Our Threat Response Unit (TRU) publishes security advisories, blogs, reports, industry publications and webinars based on its original research and the insights driven through proactive threat hunts.
View Threat Intelligence Resources →
Jan 19, 2023
Increased Activity in Google Ads Distributing Information Stealers
THE THREAT On January 18th, 2023, eSentire Threat Intelligence identified multiple reports, both externally and internally, containing information on an ongoing increase in Google advertisements…
Read More
View all Advisories →
About Us
eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 1500+ organizations in 80+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events.
Read about how we got here
Leadership Work at eSentire
Dec 13, 2022
eSentire Named First Managed Detection and Response Partner by Global Insurance Provider Coalition
Waterloo, ON – December 13, 2022 – eSentire, Inc., the Authority in Managed Detection and Response (MDR), today announced it has been named the first global MDR partner by Coalition, the world’s first Active Insurance provider designed to prevent digital risk before it strikes. Like Coalition, eSentire is committed to putting their customers’ businesses ahead of disruption by improving their…
Read More
e3 Ecosystem
We provide sophisticated cybersecurity solutions for Managed Security Service Providers (MSSPs), Managed Service Providers (MSPs), and Value-Added Resellers (VARs). Find out why you should partner with eSentire, the Authority in Managed Detection and Response, today.
Learn more
Apply to become an e3 ecosystem partner with eSentire, the Authority in Managed Detection and Response.
Login to the Partner Portal for resources and content for current partners.
Blog — Sep 14, 2021

As Ransomware Threats Rise, the Cyber Insurance Market is Shifting Gears

4 minutes read
Speak With A Security Expert Now

Ransomware attacks, and the sophisticated threat actors and groups behind them, have evolved considerably over the past few years, from opportunistic and transactional attacks, to the threat landscape we see today, dominated by debilitating, targeted ransomware campaigns.

In response, many organizations obtain cyber insurance coverage from their insurance providers to offset the rising costs of a damaging ransomware attack, including ransom and extortion payments, system recovery costs, investigation costs, customer notifications and credit protection, public communications services, and other legal costs.

According to a report published by Howden, an insurance provider, the gross written premiums for the global cyber insurance market could reach $20 billion USD by 2025, up from under $5 billion USD in 2016.

However, the cyber insurance market is still relatively new, so many providers have limited understanding of how much risk exposure organizations have to cyber attacks. Lacking well understood actuarial data and resulting risk quotients for cyber risks and the ever changing costs resulting from cyberattacks, underwriters struggle to understand the financial risk associated with a specific policy, and policy fees, coverage and requirements vary greatly.

Heavier restrictions may be on the horizon

Most affirmative cyber insurance policies (i.e. standalone policies strictly underwritten for cyber risk) provide protection to organizations against six types of security incidents: data breaches, network security liability, cyber extortion, technology disruption, cyber theft & fraud, and communication & media liability.

To reduce their own risk exposure, cyber insurers have not only begun to offer more restrictive policy terms and coverage limits, but also increased premiums for midsize and large companies by upwards of 20%.

Many reports claim that the sharp demand for cyber insurance has further emboldened cyber criminals to launch more cyber attacks. Since insured organizations can receive a payout to recover their costs, they may be more likely to give in to the adversaries’ demands. There may be some merit to this belief; Joseph Blount, CEO of Colonial Pipeline, publicly stated that the company had filed a claim with their cyber insurance provider for the $4.4 million ransom it paid.

Cyber criminals are also taking note of the global demand for cyber insurance. It's likely that many threat actors are targeting organizations with good cyber insurance coverage. DarkSide, the group responsible for the Colonial Pipeline attack, allegedly does reconnaissance on cyber insurance coverage when hunting for potential targets.

In response, cyber insurance providers have begun to implement heavier restrictions in how companies can use their payouts. AXA, a major insurance carrier in Europe, will no longer cover ransom payments as part of any cyber insurance policies underwritten in France. It’s interesting to note, that within weeks of this public statement, one of their subsidiaries was shut down in a ransomware attack attributed to Avaddon, a well-known ransomware group.

Cyber risk management is key for favorable cyber insurance pricing

In addition to restrictive coverage and rising premiums, many cyber insurance underwriters are expecting organizations to provide detailed plans of how they are managing cyber risk.

The lack of strong cyber risk management protocols can send a signal to providers that the organization is not only over-exposed to a cyber attack, but is also unwilling to take the required precautions to prevent one from occurring, making it a ripe target for cyber criminals in the future.

Therefore, organizations need to prove the specific measures they're taking to prevent cyber attacks, such as enabling multi-factor authentication (MFA), roles-based access rules, etc.

Some cyber insurance providers are actively taking steps to ensure that their policyholders are aware of where they stand with regards to cyber risk. In May 2021, Liberty Mutual Insurance announced a strategic partnership with SecurityScorecard to help policyholders receive a rating score with a detailed analysis of their cyber risk management practices.

What does this mean for your business?

We have already seen the crippling effects of ransomware attacks on industry giants, such as Colonial Pipeline, SolarWinds, and more. The fact of the matter is that even if businesses are able to recover their data and restore faith in their business operations, the effects of ransomware can linger for years to come.

The best way your organization can combat a ransomware attack is by focusing on threat prevention and detection first. To effectively manage cyber risk, we recommend that businesses should:

The message from cyber insurance providers to organizations is clear: your ability to manage cyber risk will play a significant role in the premium you pay and the coverage you receive. Those that are well-prepared for ransomware attacks will likely be in a more favorable position to receive better coverage and premiums than those who adopt a laissez-faire approach.

So, as a cybersecurity leader, ask yourself: what kind of an organization do you want yours to be?

To learn more about how Managed Detection & Response can help your organization detect and contain threats before they become business-disrupting events, book a meeting with an eSentire security specialist.

View Most Recent Blogs

eSentire is the Authority in Managed Detection and Response, protecting the critical data and applications of 1500+ organizations in 80+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events. Combining cutting-edge machine learning XDR technology, 24/7 Threat Hunting, and proven security operations leadership, eSentire mitigates business risk, and enables security at scale. The Team eSentire difference means enterprises are protected by the best in the business with a named Cyber Risk Advisor, 24/7 access to SOC Cyber Analysts & Elite Threat Hunters, and industry-leading threat intelligence research from eSentire’s Threat Response Unit (TRU). eSentire provides Managed Risk, Managed Detection and Response and Incident Response services. For more information, visit www.esentire.com and follow @eSentire.