Russia’s invasion of Ukraine is renewing worries of spillover effects from cyberwarfare in that conflict hitting global computer networks amid an already bad cybersecurity situation.
Before Russia invaded Ukraine on Feb. 24, cybersecurity was already a major concern as a pandemic era cybercrime wave continues plaguing the financial services sector. The resulting chaos has firms shopping for security solutions while fretting premium hikes in cyber insurance.
As to the core issue, The Wall Street Journal reported in January, “The worst-case scenario, cybersecurity experts warn, would be escalating breaches that mimic the 2017 NotPetya attack on a Ukrainian accounting firm that allowed hackers to rampage across other corporate networks, eventually causing an estimated $10 billion in global damage.”
On March 4, Fitch Ratings reported that the “conflict amplifies the broader trend of increased volume, size and sophistication of attacks, with corresponding significant financial, reputational and legal risks to issuers. Corporate IT teams handled 623 million ransomware attacks in 2021, up 105% YoY,” adding that in a one-year timeframe cyberattacks on government targets alone rose 1,885% with healthcare cyberattacks up 775% and retail hacks 21% higher.
It’s putting added pressure on a cyber insurance sector already reeling. But they have a plan.
“Issuers that focus on cyber resiliency, continual threat assessment and business continuity/disaster recovery while working with industry partners and segmenting their IT infrastructure to reduce cyber risks should be best prepared to mitigate the damage from potential attacks,” Fitch said.
Cyber Insurers See Risk
Given the threat landscape and the tendency for entities to pay ransoms to cyberthieves in desperation, insurers find themselves in a dangerous and costly post-pandemic scenario.
On March 10, Harvard Business Review reported that “Cyber insurance is harder for companies to find than it was a year ago — and it’s likely going to get harder” noting that by mid 2021 ransomware attacks were 150% than all of 2020, adding “this has had direct implications for the insurance industry: The uptick in attacks — and payouts — has meant steeper losses for insurers and dulled their appetites for this emerging and often volatile class of business.”
Industry news site Cybersecurity Dive reported on March 3, “Even before the Ukraine crisis led to a full-scale invasion, cyber insurance issuers were under pressure to raise premiums and tighten underwriting criteria. Insurers have had to respond to a wave of ransomware and supply chain attacks against private industry and critical infrastructure providers in the U.S. and other countries.”
In its assessment, Fitch said, “Cyber policies for U.S. P/C insurers have typically included ‘war exclusion’ or ‘hostile act exclusion’ language, similar to P/C exclusionary language found in other property lines of business, stipulating that insurers cannot defend against acts of war,” further complicating the matter for companies seeking to insure against hacks and breaches.
See also: A Proactive Strategy To The Existential Crisis Of An SMB Cyberattack
The Colonial Pipeline ransomware attack in May 2021 demonstrated vulnerabilities that exist from power installations to the IT stacks of retailers, banks and payments firms.
Soon after the Colonial Pipeline hack, Chris Finan, chief operating officer of cybersecurity firm ActZero and former director of Cybersecurity Legislation and Policy at the National Security Council (NSC) for the Obama administration, told PYMNTS, “The more you can get out in front to mitigate risks proactively, the more you can maybe not always prevent these incidents but prevent them from having the big material impact. Almost everybody is grappling with this.”
Fighting Back
Noting that “2021 was considered to be one of the worst years on record for cybersecurity” and adding “More than half of organizations expect to see an increased number of reportable fraud incidents this year, and to fight that, 69% plan to increase cybersecurity spending in 2022,” the new Real-Time Payments Tracker®, a PYMNTS and The Clearing House collaboration, contains numerous case studies examining financial data security measures being taken this year.
Get the report: The Real-Time Payments Tracker®
As companies beef up security in this environment we find a connected economy component, as one downside of the connected economy is the ability to leverage connections for crime.
Cybersecurity firm Crowdstrike Holdings is a top performer in PYMNTS’ new CE100 index tracking the performance of companies vital to pillars of the IoT world we now inhabit.
Showing that investors are keen on the surge, on Tuesday (Mar. 15) cyber insurance Fintech Cowbell Cyber announced a $100 million capital infusion led by Anthemis Group.
In a press release, Jack Kudale, founder and CEO at Cowbell Cyber, said, “As we position ourselves to lead the ‘second wave’ of cyber insurance growth, this funding will accelerate our pioneering approach to cyber risk underwriting and drive growth and profitability while closing insurability gaps.”
See also: Crowdstrike Holdings Stock Surges on Fears of Russian Cyberattacks