Russia’s invasion of Ukraine is reigniting concerns about the fallout from cyber warfare in this conflict, which is hitting global computer networks in an already poor cybersecurity situation.
Before Russia invaded Ukraine on February 24, cybersecurity was already a top concern as a wave of pandemic-era cybercrime continues to plague the financial services sector. The resulting chaos has companies searching for security solutions while worrying about rising cyber insurance premiums.
As for the heart of the problem, the Wall Street Journal reported in January, “The worst-case scenario, cybersecurity experts warn, would be an escalation in breaches that mimic the 2017 NotPetya attack on a Ukrainian accounting firm that allowed hackers to rampage across other corporate networks, causing ultimately about $10 billion in global damage.”
March 4, Fitch Ratings reported that “the conflict amplifies the broader trend of increasing volume, size and sophistication of attacks, with significant financial, reputational and legal risks for issuers. Enterprise IT teams handled 623 million ransomware attacks in 2021, up 105% year-on-year,” adding that in one year, cyberattacks against government targets alone were up 1,885%, cyberattacks in the field of health having increased by 775% and hacks in retail by 21%.
This puts additional pressure on an already reeling cyber insurance industry. But they have a plan.
“Issuers that focus on cyber resilience, continuous threat assessment and business continuity/disaster recovery while working with industry partners and segmenting their IT infrastructure to reduce cyber risk should be better prepared to mitigate damage from potential attacks,” Fitch said.
Cyber insurers see the risk
Given the threat landscape and the tendency for entities to pay ransoms to cyberthieves out of desperation, insurers find themselves in a dangerous and costly post-pandemic scenario.
March 10, Harvard Business Review reported that “cyber insurance is harder to come by for businesses than it was a year ago – and it’s likely to get harder” noting that as of mid-2021, ransomware attacks accounted for 150 % of all of 2020, adding “this has had direct implications for the insurance industry: rising attacks – and payouts – have led to bigger losses for insurers and blunted their appetite for this class of emerging and often volatile activity.
Industry news site Cybersecurity Dive reported on March 3: “Even before the Ukraine crisis led to a full-scale invasion, cyberinsurance issuers were under pressure to raise premiums and tighten underwriting criteria. . Insurers have had to respond to a wave of ransomware and supply chain attacks against the private sector and critical infrastructure providers in the United States and other countries.
In his assessment, Fitch noted“U.S. property and casualty insurer cyber policies typically included “war exclusion” or “hostile act exclusion” language, similar to P/C exclusion language found in other property lines of business, stipulating that insurers cannot defend against acts of war,” further complicating the issue for companies seeking to insure against hacks and breaches.
See also: A proactive strategy in the face of the existential crisis of an SME cyberattack
The Colonial Pipeline ransomware attack in May 2021 demonstrated vulnerabilities that exist from electrical installations to the computer stacks of retailers, banks and payment companies.
Shortly after the Colonial Pipeline hack, Chris FinanCEO of a cybersecurity company ActZero and former Director of Legislation and Cybersecurity Policy at the National Security Council (NSC) for the Obama Administration, told PYMNTS, “The more you can put yourself out there to proactively mitigate risk, the more you don’t. You may not always be able to prevent these incidents, but you can prevent them. prevent them from having a great material impact. Almost everyone struggles with this.
Noting that “2021 has been considered one of the worst years on record for cybersecurity” and adding “More than half of organizations expect to see an increase in the number of reportable fraud incidents this year, and for combat this, 69% plan to increase cybersecurity spending in 2022,” the new Real-Time Payments Tracker®, a collaboration between PYMNTS and The Clearing House, contains numerous case studies examining financial data security measures taken This year.
Get the report: Monitoring of payments in real time®
As businesses increase security in this environment, we find a connected economy component, as one of the downsides of the connected economy is the ability to leverage connections for crime.
Cybersecurity firm Crowdstrike Holdings is one of the top performers in the new PYMNTS CE100 index tracking business performance vital to the pillars of the IoT world we inhabit today.
Showing that investors are keen on the upside, on Tuesday (March 15), fintech cyber insurance company Cowbell Cyber announced a $100 million capital injection led by Anthemis Group.
In one Press releaseJack Kudale, Founder and CEO of Cowbell Cyber, said: “As we position ourselves to lead the ‘second wave’ of cyber insurance growth, this funding will accelerate our pioneering approach to cyber risk underwriting and drive growth and profitability. while filling gaps in insurability. .”
See also: Crowdstrike Holdings shares rise on fears of Russian cyberattacks