Reporting its first half results, carrier Hiscox has drawn attention to significant changes to its cyber offering, as it responds to an increased frequency and severity of cyber claims.
According to Hiscox, the claims have been witnessed across a number of markets, particularly in the US region, impacting both Hiscox USA and Hiscox London Market:
“We saw early signs of this emerging trend three years ago and have been undertaking portfolio actions since 2019. We have adjusted the Group’s cyber risk appetite and implemented corrective actions including repricing, focusing on customers with lower revenues in Retail and writing at higher excess levels in London Market.”
Significantly, it said it is introducing changes to its cyber product offering. For example, in the USA, it has added new features such as co-insurance and a sub-limit for ransomware.
Hiscox also drew attention to the importance of effective cyber risk management:
“We also attach great importance to mitigation actions taken by customers, as human error is by far the biggest business vulnerability when it comes to cyber-attacks. We incentivise all our small business customers with revenues under $10 million to attend the Hiscox CyberClear Academy, a National Cyber Security Centre-approved cyber training programme designed to help learn how to counter cyber risks and develop a positive culture of cyber resilience.”
“Over the last three years we have trained 20,000 people from 5,000 businesses. The Group also conducts extensive internal training, with our key underwriters at the same standard as IT security staff.”
Ransomware is a type of malware that threatens to publish data or perpetually block access to it unless a ransom is paid – and it is a huge issue for business at the moment, with a spate of high profile ransomware attacks hitting the headlines in recent months.
The attack on Colonial Pipeline is perhaps the most significant in a series of similar cyber-attacks from sophisticated criminals, with other targets including meat producer JBS; Toshiba; Axa Insurance; CNA Insurance; and the Irish Health Service.
In the case of Colonial Pipeline significant disruption was suffered by the US East coast energy infrastructure network, and Colonial ended up paying a $4.4 million ransom – though reports have suggested that with the help of US federal agencies $2.3 million of the cryptocurrency demand was subsequently recouped.
And it’s a problem that is not likely to go away any time soon. Indeed, the number of ransomware attacks in 2021 on US companies could end up being as high as 100,000 according to former CEO of Cisco Systems John Chambers.
According to Chambers, US companies are expected to endure over 65,000 ransomware attacks this year, an estimate he noted was conservative, with the ultimate figure possibly being as high as 100,000, as he stressed that cybersecurity is now one of the top three issues facing corporate boardrooms.