The frequency and severity of cyber incidents, particularly ransomware attacks targeting businesses and critical infrastructure organizations, have been on the increase and are unlikely to subside anytime soon. Higher claim counts and loss severity have led to significant and continuing increases in cyber insurance losses. Insurers have made up for this increased risk profile by passing the costs onto consumers in two ways—by both increasing premiums and attempting to narrow coverage.
Over the past few years, ransomware attacks have increased in frequency and demand size. And, increasingly, those attacks have targeted businesses and critical infrastructure organizations from across the globe. This trend is likely to continue. The Cybersecurity & Infrastructure Security Agency noted that cybersecurity authorities in the United States, Australia and the United Kingdom assess that “if the ransomware criminal business model continues to yield financial returns for ransomware actors, ransomware incidents will become more frequent. Every time a ransom is paid, it confirms the viability and financial attractiveness of the ransomware criminal business model.”
Nearly 700 years ago, England captured King John II of France and held him for ransom for four million écus. But France could not afford to pay, and King John II ultimately traded his two sons as substitute hostages to try and secure his own release.
Policyholder Pulse