Ransomware threatens nationwide safety: Webinar – Enterprise Insurance
Sanction risk is a growing concern for policyholders and insurers as they face a rising barrage of ransomware events and claims, a panel of experts said.
Michael Phillips, chief claims officer at Resilience Cyber Insurance Solutions, said ransomware is no longer just a criminal nuisance to an individual company, but something that threatens national security.
Events like the attacks on Colonial Pipeline or JBS's food processing facilities have kept ransomware in focus for business leaders and the general public, but ransomware actors are becoming more sophisticated, Phillips said.
"They have developed a ransomware-as-a-service business model in which they cooperate and specialize in individual aspects, be it money laundering, developing the malware or finding potential vulnerabilities for the victims," said Phillips.
He spoke on Thursday during a cybersecurity and ransomware webinar hosted by Business Insurance and sponsored by Resilience Cyber Insurance.
The risk of sanctions – the possibility of a ransomware actor being identified on a sanctions list or as part of a terrorist group – is a growing concern, according to panelists. If a ransomware actor is on a sanctions list, companies are prohibited from paying ransom.
Scott Godes, Partner, Co-Chair – Insurance Recovery and Consulting Practice, at Barnes & Thornburg LLP, said that insurers have a very strict approach to whether or not a sanctioned company is involved, which makes the claims process more difficult for policyholders.
"As a regulated industry, insurers are concerned that they will not want to compensate a policyholder for an amount paid to someone on the no-fly list," said Godes.
"However, if there is even a suggestion that someone is a sanctioned entity, credible or not, or the proposal is withdrawn, the airlines still say they are not withdrawing their position and refusing to provide compensation," he said.
This puts policyholders in the difficult position of having to prove a negative, Mr Godes said.
Thomas Reagan, head of Cyber Risk Practice at Marsh, said part of the challenge is that the underlying situations are themselves very complicated.
The question of sanction payments is immediately tangible for insurance companies, but it applies to all parties, he said. "Your attorney cannot advise you on how to pay penalties, your bank cannot transfer the funds, the post office cannot sell you a stamp that violates penalties on payments to foreign actors," Reagan said.
There will be more expertise in this area going forward, said Phillips. "For victims, mapping is another complexity to figure out when trying to get their business back on track as soon as possible," he said.
It is critical that businesses move away from simple prevention to resilience, Reagan said. "Organizations need to be resilient, and that doesn't mean impenetrable or unbreakable, but flexible and adaptable and able to recover," he said.
In a sense, ransomware is the inevitable downside of all the benefits of digitization, Reagan said. "When we are through the pandemic, as much human tragedy as we have endured, it would have been worse without the technology. The way forward will be digital. The downside is that companies are increasingly exposed to cyber risks," he said.
Mr Phillips noted that ransomware has been the number one cause of frequency loss and severe business interruption losses in recent years.
From 2019 to 2020 there was "a stratospheric increase in the average ransom note into the hundreds of thousands for businesses of all sizes, with multi-million dollar claims becoming increasingly common," he said. Recently, there has been a slight decrease in the average ransom demand and a decrease in frequency, reflecting "perhaps some optimism on the horizon," he said.
A recording of BI's ransomware webinar is available here.