Rise in ransomware attacks to boost cyber demand; Fitch warns on risks to insurers

Large-scale ransomware attacks, such as the ‘WannaCry’ on May 13-15, are highlighting the vulnerabilities in companies’ IT systems, which is in turn likely to increase the demand for related insurance protection. But Fitch Ratings warns insurers against aggressive expansion.

The ransomware dubbed WannaCry affected computers in factories and hospitals in over 150 countries, disrupting processes as access to files was interrupted.

Fitch said that tallying the costs from these attacks will take time, and has recommended a cautious approach as there is considerable uncertainty in pricing and underwriting this risk.

US insurers wrote approximately $1.3 billion in cyber coverage in 2016, and this market could grow more than tenfold to $14 billion by 2022, the ratings agency said.

Fitch also warns that aggressive expansion by individual underwriters into the segment could be credit negative. Aggressive growth in stand-alone cyber coverage, or movement to high portfolio concentration in cyber, would be viewed as negative for an insurer's credit profile.

Fitch continued: “Underwriting, pricing and reserving uncertainties would outweigh the potential earnings growth benefits. Controlled growth as part of a diversified portfolio, coupled with continually enhanced underwriting standards, would generally be neutral for the credit profile.”

“Insurers' reluctance to write more cyber coverage lies with challenges in establishing actuarially robust pricing and coverage terms for cyber-related risks given still-limited data from historical claims losses,” Fitch said.

“The evolving nature of events and uncertainty regarding the source and range of potential losses add further challenges.”

Ransomware attacks are on the rise. A report from Beazley named Beazley Breach Insights – January 2017, showed that that the number of ransomware attacks had quadrupled in 2016, and is expected to double again in 2017.

Matt Webb, global group head of cyber at Hiscox, also commented on WannaCry: “We have seen a rise in ransomware attacks over the last 24 months. Generally these incidents are resolved fairly quickly; for example if the insured has good IT hygiene they can simply restore from back-ups. They are normally small, but Friday’s incident exploits a Microsoft vulnerability which has allowed the malware to spread more easily.”

Webb suggested that hackers are incredibly crafty at finding vulnerabilities, and recommended three things businesses can do to keep on top of ransomware attacks: “Firstly, keep patching up to date. Second, do regular phishing training with staff. Last, have good back up procedures in place to aid recovery.”

For a wider view of cyber threats and how they are changing insurers’ approach to this line of business, click here.

Today’s stories

Insurers moving little personnel out of the UK in Brexit move

AXA appoints CEO of new business unit in innovation move

JLT Specialty hires executive vice president for US operations

Insurers oppose merger of European regulator

Beazley hires former Berkley, XL execs for US environmental team

Did you enjoy reading this story?  Sign up to our free daily newsletters and get stories like this sent straight to your inbox.