Cohen is a partner at Cohen Ziffer Frenchman & McKenna LLP, a law firm that represents policyholders in insurance matters. Although cybersecurity issues are only part of her business’s workload, she notes that it’s a rapidly growing area for them, and more often than not, companies ask them to audit cyber policies and to review their cyber coverage before ransomware attacks hit them.
As to why people are launching these attacks on business systems, she doesn’t think there’s a big mystery.
“Do you know that expression, when they say it’s not about the money, it’s about the money?” I think it’s about the money, ”she said. “I think at the end of the day, the more profitable this kind of situation, the more people you are going to attract into the field. “
Ransomware attacks typically involve someone gaining access to a computer system with the aim of either stealing data or blocking a legitimate user’s access to it. The “ransom” part comes in when the hacker threatens to publish the victim’s data or hold it hostage until the victim pays a ransom to regain access.
While examples of ransomware attacks date back to the 1980s, it is only in the last decade that a combination of factors has seen this type of attack explode against businesses.
Recent high-profile cases involving major entities such as Colonial Pipeline and meat producer JBS have drawn attention to the problem and the need for enhanced digital security to prevent such attacks.
Lloyd’s, based in London, said the number of ransomware incidents reported worldwide in the first three quarters of 2020 was nearly 200 million, a number which represents a 40% increase in activity compared to the year before – but when only the United States is factored in, that increase skyrockets. at 145%.
Not only is the number of ransomware attacks increasing every year, the people who attack also get more from their victims, with Lloyd’s estimating that the average loss paid for an independent US cyber claim has risen from $ 140,000 in 2019 to 350,000. $ in 2020..
It’s no wonder the firm predicts that the global cyber insurance market will grow from $ 7.8 billion in 2020 to $ 20.4 billion by 2025.
“In 2021, we estimate that 20% of cyber-premiums will be written at Lloyd’s,” said Chief Markets Officer John Tiernan. “This means that we are going to have to do more to increase the capacity of the market to cope with increasingly complex risks and scenarios. We need to better understand how the market should operate and how its underwriting claims sophistication needs to grow in order to respond to market changes. It also means that we will increase our surveillance and take more action against cyber at Lloyd’s.
Taking action is also what Cohen recommends. Until the legislation catches up with the reality of ransomware attacks and governments take the growing sophistication of these attacks seriously, she said it is up to companies to have a plan in place for if and when it does. come.
“The first thing is you really need to let your carrier know quickly,” she said. “You don’t want to be in a situation where you haven’t notified them and then you have a notification problem. It’s number one.
“Number two, you want to involve your carrier in the thinking process, how you’re going to handle it. You need to document your losses very clearly and methodically. Generally, the carriers in these cyber cases are quite cooperative. But that could change over time as these claims become more and more prominent. “