720-891-1663
Beazley is one of the largest cyber insurance underwriters in the country, so it has a lot of data that it can draw from.
Of course, the only data that they have is when clients report an incident, so the smaller incidents or companies that don’t have insurance with them or at all are not in this report.
They produce a quarterly report and here are the stats.
In just one quarter, the number of reported ransomware incidents is up 37 percent.
But more important is this statistic:
A quarter of those incidents were caused by a third party yet the insured gets to pay the price for the vendor’s bad security.
Beazley says that in ALMOST ALL cases where a managed service provider was the source of the breach, the cause was the remote access software and that was tied to the vendor using the same password for multiple customers.
And in case you thought you were too small to be hacked —
Two-thirds of the ransomware incidents hit small businesses.
Why are MSPs the new target?
Well, it is not new, but hackers have figured out how to make those attacks more profitable, hence more of them.
And we repeatedly heard that service providers that were attacked do not have the resources to deal with a whole bunch of clients being affected all at once. Sometimes it has taken them a week or two to get all of their client recovered. Occasionally, the providers just go out of business, leaving the client holding the bag. And paying the ransom.
So what does this mean for small and medium size businesses that use outsourced service providers?
Don’t assume you won’t be the target.
Have a plan of what you will do if your systems are out of commission.
Make sure that your service providers are ready to deal with an attack.
And, get cyber insurance. While it won’t get you back up any faster, it may, at least, ease the pain a bit.
If you are a medium or larger business, you probably also use a lot of cloud providers, so this applies to you too. We just assume that you are already prepared for this.
If you are not prepared and you need help? Contact us.
And while I am sure that Beazley would like you to call them if you are in the market for cyber insurance, don’t. Cyber insurance is very tricky and you need an expert on your side. Just ask Target (after 6 years they are still trying to get their claims paid or Merck (who was denied a billion dollars in claims). This is not because the insurance is bad, although some underwriters are definitely better than others, but more likely, it is because they didn’t buy the right policy features and options.
Here are a few tips that Beazley suggests you ask your providers – all of them.
Source: Beazley