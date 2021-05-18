Here’s what AM Best, Fitch Ratings, and CyberCube think about the recent ransomware attack that shut down Colonial Pipeline:

AM Best: Spotlight on Cyber ​​Insurance

The ransomware attack on one of the largest pipelines in the United States highlights the interdependence of cyber risk and the importance of cybersecurity to all business operations, according to a new commentary from AM Best.

In his commentary to Best, “Attack on Colonial Pipelines Shines a Light on Cyber ​​Insurance Market,” AM Best notes that premiums for stand-alone cyber policies increased by more than 28% in 2020, reflecting increases in pricing and an initiative from the insurance industry to get more clarity on their cyber underwriting factors.

While premiums in the US $ 2.7 billion cyber insurance market have grown healthy in recent years, an even larger increase in claims has eclipsed the growth in the market. From 2017 to 2020, according to the commentary, the annual premium increased by an average of 19%; however, complaints increased by 38%, reflecting a steady increase in the sophistication of criminals’ ability to penetrate and deactivate networks.

The attack on the Colonial Pipeline, which closed 5,500 miles of pipeline between Texas and New Jersey, is “a manifestation of this growing sophistication and many insurers are now realizing the significant risks inherent in this industry.” , according to the rating agency.

“As the Colonial Pipeline attack demonstrated, cybercrime is a very complex risk, with significant impacts for both clients and insurers,” said Sridhar Manyem, director of research and analysis at industry.

“The classifications of these events as terrorism, criminal activity or acts of war have different implications for insurance and will require guidance from government entities as clients and insurers navigate these cases. . “

AM Best said the escalation of ransomware attacks has also forced insurers to rethink the world, as evidenced by AXA Insurance’s decision in France to end reimbursements for ransomware crimes.

“Insurers who do not have the appropriate expertise, capacity and controls for cyber insurance risks could experience losses outside risk tolerance, which could impact ratings,” said the . comment finished.

Fitch Ratings: Ransomware Attacks Growing Global Threat

The recent proliferation of ransomware attacks shows how cyber risk is crossing industries and becoming a growing global threat to security and finance, says Fitch Ratings. The volume, size and sophistication of ransomware attacks are expected to increase as the risk of criminal prosecution remains low and incentives to profit remain high. Fitch views the increase in attacks and severity as negative credit; however, each incident will be assessed in the context of each issuer’s credit profile.

Ransomware attacks increased 485% in 2020 globally, according to Bitfdefender, accounting for nearly a quarter of all cyber incidents, with total overall costs estimated at $ 20 billion per Purple Sec. Ransomware attacks that threatened to unleash stolen data are on the rise and accounted for 77% of total attacks in 1Q21, which has helped drive up the cost of ransomware attacks, with an average 1Q21 ransom payment of $ 220,298, up 43% from 4Q19, according to Coveware.

Fitch says recent incidents may stimulate internationally coordinated public and private efforts to help prepare for and mitigate ransomware attacks. The Institute for Security and Technology recently released a Ransomware Task Force report stating that tackling ransomware should be a global priority. The US Department of Justice has created a ransomware task force with the FBI and federal prosecutors to strengthen coordination with the private sector and other agencies.

Issuers with less sophisticated networks, security systems and IT services may be the most vulnerable to attack, but the potential for downside risk is higher in larger and more strategically important entities. according to Fitch.

Ransomware targets all industries and geographies, but some industries have proven to be more attractive targets than others. Professional services firms, such as smaller law and financial services firms, are popular targets of ransomware attacks because they typically possess valuable personally identifiable information, payment data, or intellectual property. Cyber ​​attacks on schools and local government healthcare providers more than doubled to 2,354 in 2020, from 966 in 2019, according to Emsisoft.

CyberCube: pipeline attack is a ‘wake-up call’ for insurers on risk accumulation

Cyber ​​attack on major U.S. fuel pipeline is a warning to insurers about the potential for cyber risk to build up around critical infrastructure or technological systems that affect large numbers of connected organizations, according to analyst firm cyber risks CyberCube in its Analysis.

The Colonial pipeline is connected to 30 petroleum refineries and nearly 300 fuel distribution terminals across the United States. In addition, thousands of gas stations, consumers, and hundreds of businesses, including transit hubs such as airports, rely on Colonial for fuel.

According to CyberCube, the colonial attack demonstrates the vulnerability of so-called Single Points of Failure (SPoF) to cybercriminals. SPoFs are physical or electronic components or entire businesses whose failure will shut down an entire system and affect many end users.

“Colonial is a taste of what’s to come. Criminal ransomware operators and nation-state sponsored threat actors are increasingly turning to attacks on SPoF, ”said William Altman, cybersecurity consultant at CyberCube. “By attacking SPoF, criminal attackers will create maximum leverage to convince their victims to pay ransom, and nation state actors will use SPoF as a jumping off point to adjacent systems to conduct ransom operations. espionage and other information operations. While we have yet to witness a true cybersecurity build-up catastrophe event, the writing is on the wall. Recent attacks on SPoFs like SolarWinds, Microsoft Exchange and Colonial Pipeline clearly indicate the direction the industry is taking.

“It should now be perfectly clear to the insurance industry that catastrophic cyberattacks and the potential for catastrophic losses are no longer just science fiction. In 2021, it will be widely recognized that a rigorous and structured approach to managing the accumulation of cyber risks is now a prerequisite and a necessity for all (re) insurers.

Colonial discovered that its computer systems had been hacked on May 7. Prior to that date, CyberCube said, its Account Manager subscription tool had previously reported several high-risk signals for the Colonial pipeline, including malware infections and the ability for a remote user to access Colonial’s network through a port. Open RDP, which is. of the most common ransomware attack vectors.

“The attack highlights the growing need for underwriters to assess basic cyber hygiene as well as the specific risks of threats such as ransomware for organizations of all sizes in all industries,” said Yvette Essen, Head of Content for CyberCube.

According to CyberCube, the attack was carried out by a group of organized criminals who likely have tacit approval but not operational support from the Russian government. The group, DarkSide, reportedly removed nearly 100 gigabytes of data from Colonial’s network in just two hours before encrypting company data and leaving a ransom note threatening to leak company data if no payment is made. ‘was performed. This is known as the Double Extortion Ransomware Attack and provides an example of the rapidly changing nature of the cybercriminal playbook.

DarkSide inadvertently destroyed 5,500 miles of critical U.S. oil pipeline infrastructure, causing a week of downtime before a $ 5 million ransom payment was made.

