The nearly universal transition to a full-time remote workforce through the COVID-19 pandemic exponentially increased the ‘attack surface’ for cybercriminals in 2020.
According to a new report from Guidewire, FBI cybercrime reports quadrupled during the first phase of the pandemic. Phishing attacks spiked 350%, and ransomware demands exploded in 2020 as hackers took advantage of the pandemic and deployed increasingly sophisticated tactics against individuals, businesses, hospitals, and schools.
Even with a vaccine on the way and an eventual return to the office in sight, these evolving, worsening cyber threats won’t let up in 2021. In fact, cyber threats will only worsen, experts say, as the potential targets for criminals to exploit will continue to expand, and corporate networks will be at greater risk of ransomware and cyber attacks.
With the new year ahead, the Guidewire report forecasts the state of cyber risk and prevention tactics in the year ahead, identifying key risk factors and trends. The 2021 Cyber Risk Outlook report examined what is driving these statistics, and what the implications are for cyber insurers heading into the new year.
2020 cyber trends: How criminals exploited a crisis
The transition to a remote workforce triggered an unprecedented increase in the use of personal devices and residential networks for business operations, creating a feeding frenzy for cybercriminals.
Ransomware attacks increased by 40% in the first three quarters of 2020, compared to the same period in 2019, totaling roughly 200 million incidents globally. In the U.S., the surge in ransomware attacks nearly quadrupled the international rate, with reports indicating a 139% increase in ransomware attacks YoY, according to Guidewire. The cost of not paying ransoms worsened, as well.
Employers deployed defenses early in the pandemic as threats evolved and are continuing to adopt new precaution measures as risks worsen.
According to Guidewire, the use of virtual private networks (VPN) surged 112% in just the first six weeks of the pandemic. At the same time, Guidewire says businesses have been digitizing operations “at a record pace” to adapt to new remote working trends, increased virtual consumption, and the need for contactless services. In a nearly universal shift, a global survey found 93% of small businesses reported having more reliance on technology since the start of the pandemic.
The impact on cyber insurance
The explosive, continuous surge in cybercrime activity and the evolution of attack tactics have triggered a simultaneous surge in demand for cyber insurance. As policy uptake has increased, so have prices. According to Advisen, brokers have reported increases of 5–10%, with many buyers frequently requesting higher limits.
The manufacturing and industrial sectors generated the most new-to-market buyers to the standalone cyber market, an Advisen survey found, with nearly half of respondents identifying the sector among their top three.
Price and capacity remain “notable barriers,” though, researchers say, and could determine whether or not this market growth sustains.
At the same time, underwriting cyber has become more challenging.
Three years ago, cyber was a highly profitable line of business with loss ratios as low as 10-15%, the report reads. In 2019, rising claims pushed this figure up to nearly 50%. In 2020, anecdotal evidence suggests cyber loss ratios rose well above 50%.
Some insurers have even reported cyber business loss ratios exceeding 100%, Guidewire says.
“While ransomware is not the only risk at play, it is the primary exposure driving change,” the report states. “According to one major insurer, ransomware accounted for almost 41% of cyber insurance claims in the first half of 2020.”
Read the full 2021 Cyber Risk Outlook report on Guidewire’s website.