Colonial Pipeline attack brings ransomware to the fore

May 25, 2021 / 3 min read

The increasing scale and sophistication of ransomware attacks–as seen with the shutting down of the Colonial Pipeline in the United States–has generated a lot of public attention and highlighted the importance of greater industry collaboration and data aggregation to tackle these evolving threats.

Ransomware has emerged as one of the toughest challenges for cyber insurers to overcome due to multimillion-dollar random demands threatening insurers' balance sheets; the relatively low risk of threat actors getting caught, which has led to more frequent attacks; and the lack of data to support decisions around cover.

inline

After the Colonial Pipeline incident, U.S. President Joe Biden signed an executive order to help improve the nation’s cybersecurity and remove barriers to sharing threat information between federal government agencies and their private sector vendors. While this order did not refer to peer-to-peer private sector arrangements, it may encourage insurers to come up with common standards for cyber risk, more frequently report the magnitude of ransomware attacks, and to share what they learn with other insurers.

These insights were shared by a panel of cyber insurance experts on the benefit of data aggregation and its application for writing cyber insurance more confidently. The discussion was part of Verisk’s Cyber Monday Series.

Here are three key takeaways:

Cyber aggregation risk can reach catastrophic levels. Large numbers of claims that stem from a single cyberattack can easily mount up, especially when supply chains and critical infrastructure are targeted, as seen with the Colonial Pipeline. Threat actors have learned how to monetise hacking activity more effectively and are taking advantage of encryption, data exfiltration, and increased vulnerabilities from employees working from home.

Models don’t always paint the same picture. There are often large discrepancies among cyber risk models, and loss estimates for aggregations of cyber risk can be wildly different for scenarios such as mass data breaches, service provider outages, and ransomware. This is to be expected since cyber is evolving as a coverage and exposure, and the threat landscape is constantly evolving. It’s critical for market participants to conduct their due diligence and identify and manage to the true drivers of aggregation. But it’s also important that they evaluate their portfolio against new emerging scenarios.

We’re in this together. Information sharing between the public and private sectors and coming up with common standards will play a large role in moving the market forward. The full cost of a cyberattack can often be difficult to establish, and coverage can vary for business interruption, extortion, incident liability, data recovery costs, and incident response costs. Sharing of anonymised claims and other data can help the industry handle its cyber exposure and improve strategic decision making.

Verisk offers a full suite of Cyber Solutions that can help underwriters accurately identify their exposures, benchmark their results, and gain a clearer picture of cyber insurance trends.

To learn more about the risks of siloed cyber data and how access to aggregated cyber data can help insurers solve some of the challenges they face in the market, please watch our Verisk Cyber Monday session on demand.