Each month, RCM&D’s Cyber Practice highlights key issues in the world of cybersecurity. In this month’s edition of Cyber News Bytes, we discuss why companies may pay a ransomware demand, healthcare industry updates, a new one-stop ransomware shop, and more.
Testing Backups are an Important Preventive Measure
Like many other publications in the cyber realm, this newsletter has put out a significant amount of content on ransomware and its impact over the past year. From recent attacks to loss trends to the federal government’s attempts at intervention, we have covered it all. Preventative measures are another critical topic in the fight against this growing trend. Brian Krebs of KrebsOnSecurity recently published an article introducing another vital component to the ransomware crisis, discussing why organizations will pay ransom demands when an attack occurs. As Brian and others suggest, testing backups is a critical step to ensuring an organization is in the best position possible in the event of an attack. As brokers, we’d be remiss not to remind insureds that this is also something our underwriting colleagues are looking for during the cyber risk underwriting process.
Industry Update: Healthcare
While the evolution of cyber risk has proven that no industry vertical is immune to these exposures, perhaps no industry has been hit harder or is at greater risk than the healthcare sector. The stemming impact can be felt in a recent report from Fitch Ratings, which discusses the financial pressures currently facing the industry due to the severity of cyber threats. The mass amounts of data and an expansive digital landscape create an environment ripe for attacks. Another write-up from JDSupra expands upon these risks, identifying the top security and privacy concerns across the industry and closing with high-level mitigation methods.
US Government Establishes One-Stop Ransomware Shop
The Cybersecurity and Infrastructure Security Agency (CISA), a division of the Department of Homeland Security, has established a new website aimed at helping organizations defend themselves from the ransomware epidemic. The site provides organizations with one centralized location to access resources that can assist in understanding the threat of ransomware, how to mitigate risks and steps to take in the event of an attack. It also provides a link to official alerts and statements from both CISA and the FBI, as well as a link to report incidents.
2021 Cyber Market Update
NU PropertyCasualty 360 recently provided their latest cyber insurance market update. According to the report, “cyber risks are growing in frequency, severity and complexity, making them among the biggest threats of our time facing businesses and their insurers.” As a result of these trends, many organizations now consider cyber insurance a mandatory coverage to have in place.
The report goes on to find that ransomware losses over the past year have continued their rise in frequency and severity, resulting in both premium increases and reduced coverage. Phenomenon’s like “Supply-chain attacks” and the potential damage that can result from them are discussed, as well as the various factors that go into the rating of cyber coverage.
Finally, Accenture’s Kenneth Saldanha references four critical elements for end-to-end cyber protection:
- Complete and transparent cyber risk assessments;
- Targeted pre-breach services to reduce risk exposure, including near- and real-time threat monitoring;
- Tailored insurance coverage and other products that keep risk aligned premiums and terms at their center;
- Breach responses services that should include developing a flexible and globally accessible team that can quickly restore companies to their pre-breach state.
Questions?
RCM&D is here for you to help protect your cybersecurity. Talk to a trusted advisor today with any questions on these highlighted issues and beyond.