Ransomware losses increasing
Aon Insights


Ransomware attacks are on the rise, as evidenced by statistics contained in NetDiligence’s 2018 Cyber Claims Study, which reports on covered loss events and claims trends as conveyed by underwriters of cyber and privacy liability insurance. NetDiligence noted that, out of 1,201 covered cyber loss events spanning 2013 to 2017, ransomware was responsible for 15% of claims – the second highest cause of loss overall.

However, when examining loss data for 2017 alone, ransomware was the source of 31% of the 298 reported claims – occupying the top spot overall. It’s evident that the prevalence of ransomware is increasing, and it typically does not discriminate by company or industry.

In 2019, two specific types of ransomware have been targeting organizations: LockerGoga and Ryuk. Two manufacturing companies based in the U.S. were recently subject to phishing attacks, which led to ransomware ultimately being deployed. In one instance, a hacker installed malware on the computer of an employee. The network was then penetrated, which led to malware being circulated more broadly to several machines. The cyber criminals involved gathered several usernames and passwords, ultimately using administrator privileges to identify critical systems. Ransomware was then unleashed, resulting in the encryption of all of the manufacturer’s key data. The company’s operations were subsequently interrupted for over a week, leading to losses of approximately $5 million. The other incident similarly involved phishing, but in that case the resulting ransomware shut down critical manufacturing processes for four weeks, resulting in a significant financial impact to the victimized company.

Ransomware and related viruses and malware are becoming increasingly sophisticated and more difficult to guard against. Moreover, even organizations with the most advanced cyber security cannot fully mitigate the effects of human error – a key vulnerability that led to the success of the ransomware attacks described above. A cyber liability insurance policy can provide valuable first- and third-party coverage in the event of a network security breach, including crisis management costs towards IT forensics, legal counsel, notification to third parties and establishment of a call center. The first-party coverage under the policy can also provide indemnity for lost revenue and ordinary operating expenses, should a company face operational downtime as a result of a cyber incident. The third-party portion of the policy could respond should the insured face lawsuits or claims stemming from a breach of network security, or its unintentional (1) participation in a denial of service attack or (2) transmission of malicious code to third parties. In a ransomware or cyber extortion situation, in addition to the crisis management costs described above, a cyber policy can potentially provide coverage for the extortion amount requested and expenses resulting directly from the insured surrendering such funds.