Following on from our reflective article about last year’s notable hacks and scams, here we look ahead to this year with, we believe, two key areas to maintain a watchful eye on in the cyber/crypto world.
According to a FinCen report, the average amount of reported ransomware transactions per month in 2021 was $102.3 million. Munich Re expects the global cyber insurance market to reach a value of approximately $20 billion by 2025, with the big portion of cyber insurance demand originating from healthcare, professional services, retail, manufacturing, governmental agencies and the financial industry.
Therefore, businesses of all sizes must monitor trends in the cyber insurance market. It is important to remember that directors may be in breach of their duties if they fail to consider such risks. More information can be found in Penningtons Manches Cooper’s article on the subject.
Ransomware attacks – where hackers extort organisations for the return of stolen data – are expected to become ever more prevalent in 2022. In response, organisations must ensure that they have robust cyber incident response plans to mitigate against the almost inevitable prospect of an attack.
The National Cyber Security Centre’s 2021 annual review characterised ransomware as the most significant cyber threat facing the UK this year, revealing that there were three times as many ransomware attacks in the first four months of 2021 than in the whole of 2019.
While attacks on high-profile victims such as Colonial Pipeline, JBS and Kaseya have garnered public attention, cyber resilience should be an imperative for all organisations; 39% of all UK businesses reported a data breach or cyber-attack in 2020/21.
The sharp uptick in ransomware attacks, accelerated no doubt by hybrid working models, is driving an increase in cyber insurance pricing. Cyber risk experts at insurance group Marsh estimate that cyber insurance is now almost twice as expensive as it was two years ago.
Cyber insurance market
Amidst a rapidly changing cyber security landscape, businesses of all sizes must adapt to effectively manage the attendant threats and invest in their cyber resilience. We expect a continued period of cyber market hardening and higher insurance premiums in 2022 as insurance firms respond to the increasing frequency of cyber-attacks. Cybersecurity consultancy S-RM predicts that, in conjunction with higher premiums, we will see a higher prevalence of co-insurance modes, where the insured and insurer agree to share costs of claims.
Law firms and Chambers are not exempt from being vulnerable to cyber-attacks. In February 2021, Jones Day was hacked resulting in hackers releasing gigabytes of data. 4 New Square was also struck by a ransomware attack in June 2021 and actually took the unknown hackers to Court, securing a judgment against the hackers to return the stolen data (although whether this actually leads to anything remains to be seen).
In response to these attacks, the legal sector is working to seek appropriate cover to protect clients. The SRA, working closely with the Law Society, has approved a Professional Indemnity Insurance clause clarifying cybercrime cover. If approved, the clause should be in place for any insurance renewals from early 2022 onwards.