Cyber underwriters avoid Covid exclusions even as ransomware concerns soar

At this time we have seen no evidence that insurers or reinsurers have added Covid-19 exclusions to Cyber policies, although they are asking clients more questions about business resilience and continuity planning relating to the pandemic amid an “enormous” rise in ransomware attacks, Guy Carpenter’s Siobhan O’Brien has told The Insurer.

O’Brien, who is Cyber Centre of Excellence leader for international and global specialties, Guy Carpenter, explained that the increased number of people working from home has presented an opportunity for hackers to take advantage of what in some instances may be a reduced level of security.

Siobhan O Brien - Guy Carpenter

“As we all move to working from home and remote locations, the increased risk of cyber attacks has become more prevalent,” she said.

“Covid-19 has presented an opportunity for rogue actors to attack vulnerable companies and indeed individuals. For some, working from home can mean more lax security,” O’Brien added.

“This has resulted in the cyber underwriting fraternity asking more questions around Covid-19, asking more questions around business resiliency and business continuity planning,” said O’Brien.

But that has not yet translated to Covid-19 exclusions being introduced into cyber coverage, she said.

“At this time, we note that at no point have we seen Covid-19 exclusions applied to cyber insurance or reinsurance policies,” O’Brien stated.

Underwriters have opted against imposing exclusions even though there has been an “enormous” increase in ransomware attacks.

Ransomware, O’Brien said, has become the most concerning issue for cyber insurers and reinsurers over the past 18 months.

The impact of ransomware is being felt by companies of all sizes, and (re)insurers are looking at their cyber books and trying to establish how best to deal with the challenges faced.

“They’re looking at potentially sub-limiting coverage, they’re asking more questions through the use of ransomware questionnaires [and] they’re working with cyber security companies to help them in their pre-underwriting due diligence,” according to O’Brien.

O’Brien cited a recent Fitch Ratings report which detailed how average ransomware demands have increased by 33 percent to $111,000.

“We can see that this has become an increasing issue for insurers, reinsurers and indeed for the market as a whole,” she added.

Concerns are not just limited to ransomware, however, as O’Brien said phishing attempts “have soared”, while social engineering and impersonation emails have become increasingly prevalent, with victims also facing a growing number of spam emails and texts.