What We Do
How we do it
Resources
SECURITY ADVISORIES
Nov 22, 2021
Microsoft Exchange Vulnerability - CVE-2021-42321
THE THREAT eSentire has identified publicly available Proof-of-Concept (PoC) exploit code, for the critical Microsoft Exchange vulnerability CVE-2021-42321. CVE-2021-42321 was announced as part of Microsoft’s November Patch Tuesday release. Exploitation would allow a remote threat actor, with previous authentication, to execute code on vulnerable servers. Prior to the patch release, Microsoft…
Read More
View all Advisories →
Company
ABOUT ESENTIRE
About Us
eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 1000+ organizations in 70+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events.
Read about how we got here
Leadership Work at eSentire
LATEST PRESS RELEASE
Oct 28, 2021
Telarus and eSentire Expand Partnership to Safeguard Enterprises Globally Against Business Disrupting Ransomware and Zero-Day Attacks
London, UK and Sydney, Australia– Oct. 28, 2021 - eSentire, recognized globally as the Authority in Managed Detection and Response (MDR), today announces the expansion of its partnership with Telarus, the largest privately-held distributor of business cloud infrastructure and contact centre services. Building on their mutual success across North America, Telarus will bring eSentire’s Managed…
Read More
Partners
PARTNER PROGRAM
Partners
Our award-winning partner program offers financial rewards, sales and marketing tools and personalized training. Accelerate your business and grow your revenue by offering our world-class Managed Detection and Response (MDR) services.
Learn about our Partner Program
PARTNER RESOURCES
Apply today to partner with the Authority in Managed Detection and Response.
Login to the Partner Portal for resources and content for current partners.
Search
Resources
Blog — Sep 14, 2021

As Ransomware Threats Rise, the Cyber Insurance Market is Shifting Gears

Speak With A Security Expert Now

Ransomware attacks, and the sophisticated threat actors and groups behind them, have evolved considerably over the past few years, from opportunistic and transactional attacks, to the threat landscape we see today, dominated by debilitating, targeted ransomware campaigns.

In response, many organizations obtain cyber insurance coverage from their insurance providers to offset the rising costs of a damaging ransomware attack, including ransom and extortion payments, system recovery costs, investigation costs, customer notifications and credit protection, public communications services, and other legal costs.

According to a report published by Howden, an insurance provider, the gross written premiums for the global cyber insurance market could reach $20 billion USD by 2025, up from under $5 billion USD in 2016.

However, the cyber insurance market is still relatively new, so many providers have limited understanding of how much risk exposure organizations have to cyber attacks. Lacking well understood actuarial data and resulting risk quotients for cyber risks and the ever changing costs resulting from cyberattacks, underwriters struggle to understand the financial risk associated with a specific policy, and policy fees, coverage and requirements vary greatly.

Heavier restrictions may be on the horizon

Most affirmative cyber insurance policies (i.e. standalone policies strictly underwritten for cyber risk) provide protection to organizations against six types of security incidents: data breaches, network security liability, cyber extortion, technology disruption, cyber theft & fraud, and communication & media liability.

To reduce their own risk exposure, cyber insurers have not only begun to offer more restrictive policy terms and coverage limits, but also increased premiums for midsize and large companies by upwards of 20%.

Many reports claim that the sharp demand for cyber insurance has further emboldened cyber criminals to launch more cyber attacks. Since insured organizations can receive a payout to recover their costs, they may be more likely to give in to the adversaries’ demands. There may be some merit to this belief; Joseph Blount, CEO of Colonial Pipeline, publicly stated that the company had filed a claim with their cyber insurance provider for the $4.4 million ransom it paid.

Cyber criminals are also taking note of the global demand for cyber insurance. It's likely that many threat actors are targeting organizations with good cyber insurance coverage. DarkSide, the group responsible for the Colonial Pipeline attack, allegedly does reconnaissance on cyber insurance coverage when hunting for potential targets.

In response, cyber insurance providers have begun to implement heavier restrictions in how companies can use their payouts. AXA, a major insurance carrier in Europe, will no longer cover ransom payments as part of any cyber insurance policies underwritten in France. It’s interesting to note, that within weeks of this public statement, one of their subsidiaries was shut down in a ransomware attack attributed to Avaddon, a well-known ransomware group.

Cyber risk management is key for favorable cyber insurance pricing

In addition to restrictive coverage and rising premiums, many cyber insurance underwriters are expecting organizations to provide detailed plans of how they are managing cyber risk.

The lack of strong cyber risk management protocols can send a signal to providers that the organization is not only over-exposed to a cyber attack, but is also unwilling to take the required precautions to prevent one from occurring, making it a ripe target for cyber criminals in the future.

Therefore, organizations need to prove the specific measures they're taking to prevent cyber attacks, such as enabling multi-factor authentication (MFA), roles-based access rules, etc.

Some cyber insurance providers are actively taking steps to ensure that their policyholders are aware of where they stand with regards to cyber risk. In May 2021, Liberty Mutual Insurance announced a strategic partnership with SecurityScorecard to help policyholders receive a rating score with a detailed analysis of their cyber risk management practices.

What does this mean for your business?

We have already seen the crippling effects of ransomware attacks on industry giants, such as Colonial Pipeline, SolarWinds, and more. The fact of the matter is that even if businesses are able to recover their data and restore faith in their business operations, the effects of ransomware can linger for years to come.

The best way your organization can combat a ransomware attack is by focusing on threat prevention and detection first. To effectively manage cyber risk, we recommend that businesses should:

The message from cyber insurance providers to organizations is clear: your ability to manage cyber risk will play a significant role in the premium you pay and the coverage you receive. Those that are well-prepared for ransomware attacks will likely be in a more favorable position to receive better coverage and premiums than those who adopt a laissez-faire approach.

So, as a cybersecurity leader, ask yourself: what kind of an organization do you want yours to be?

To learn more about how Managed Detection & Response can help your organization detect and contain threats before they become business-disrupting events, book a meeting with an eSentire security specialist.


View Most Recent Blogs
eSentire
eSentire

eSentire is the Authority in Managed Detection and Response, protecting the critical data and applications of 1000+ organizations in 70+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events. Combining cutting-edge machine learning XDR technology, 24/7 Threat Hunting, and proven security operations leadership, eSentire mitigates business risk, and enables security at scale. The Team eSentire difference means enterprises are protected by the best in the business with a named Cyber Risk Advisor, 24/7 access to SOC Cyber Analysts & Elite Threat Hunters, and industry-leading threat intelligence research from eSentire’s Threat Response Unit (TRU). eSentire provides Managed Risk, Managed Detection and Response and Incident Response services. For more information, visit www.esentire.com and follow @eSentire.