So You Think No One Would Want To Attack You
Here is some data to consider:
- The US General Accounting Office (GAO) says the percentage of businesses buying cyber risk insurance jumped from 26% in 2016 to 47% in 2020. Here is why.
Coalition insurance released some data from their claims history.
- Remote Desktop Protocol (RDP) continues to be a big problem according to Coalition and while some (many?) organizations require RDP users to be connected to the company’s VPN, the bug in Sonicwall’s VPN software in 2021 left those organizations defenseless.
- Coalition says claims related to the exploitation of RDP were up 123% with significant losses in both big and small companies.
- They said that ransom CLAIMS were up 10% in the latter half of 2021 and ransom demands ($) were up 20% in the same period.
- They also said that supply chain claims dropped, but Microsoft Exchange is still a serious exploitation opportunity.
- Size does matter, but in the wrong way. The second half of 2021 saw a 40% increase in ransomware attacks on organizations with revenue under $25 million compared to 8 months earlier and a 54% increase in incidents related to business email compromises.
- This February and March, all but one of Coalition’s ransomware claims came from the small and medium size companies.
- There was a 40% increase in claims severity in the second half of 2021 compared to the first half for consumer staples businesses and nearly a 25% increase in claim severity in the energy industry.
Cyber insurance companies are part of the solution and we are already seeing these insurance companies demanding better cybersecurity practices and they are monitoring what you are doing during the entire life of your policy. If they detect a problem, they may come knocking on your door telling you that if you don’t want them to cancel your policy you better fix things. And, when it comes time to renew, you might get sticker shock at your premium quote if you don’t have your cybersecurity program at a level the insurance company thinks is acceptable.
If you need help with your cybersecurity program, please contact us.
Credit: The Record