November 19, 2021

Cyber insurers running scared: Ransomware “as profitable as cocaine”

By Eric Johansson

Cyber insurance firms are moving to cap clients’ cover and hike their premiums following a surge of ransomware attacks during the pandemic. While insurers have enjoyed skyrocketing demand for cyber insurance, they believe the payouts have become too steep.

Ransomware gangs are among the big winners from Covid-19. The novel coronavirus provided them with a massive opportunity to attack vulnerable companies and supply chains, thanks in no small part to employees taking their work home without sufficient digital defences.

Numerous recent attacks tell a stark story. Earlier this week, the UK’s National Cyber Security Centre (NCSC) said it had recorded and offered support for 777 cyber incidents over the past year, up from 723 in 2020. Crippling ransomware attacks against Colonial Pipeline, meat processor JBS and IT vendor Kaseya had impacts that were felt by thousands of people.

Why cyber insurance won’t cover as much anymore

Insurers should logically make out like bandits thanks to soaring demand for cyber insurance. However, they have grown skittish about their bottom lines as the threat of cyber crime has grown.

Essentially, the argument goes that – due to the growing number of ransomware attacks – it has become too costly for the insurers to pay to cover ransoms, repair hacked networks, cover business interruption losses and post-attack PR campaigns to fix affected businesses’ reputation. Some ransomware gangs, reportedly, deliberately target businesses that they know have cyber insurance and who are therefore likely to pay out the ransom.

As a result, US and European insurers operating in the Lloyd’s of London insurance market have started to charge higher premiums while covering only half of what they used to cover, according to anonymous inside sources speaking with Reuters. Lloyd’s has actively advised cyber insurers against taking on any cyber business in 2022. Lloyd’s declined to comment to Reuters.

Business insurance broker Superscript told Reuters one client had seen its cover cut from £130m to £55m while the price had jumped from £250,000 to £500,000.

Cybersecurity company Coveware has likened the 98% profit margins ransomware gangs enjoy to those of the cocaine cartels of the 1990s, which had a 91% profit margin. The firm suggested that each attack on average landed $140,000 in the pockets of digital crooks, whereas a kilo of cocaine in 1992 would earn traffickers $5,000. While the barriers to entry were very high for Pablo Escobar-like cartels, those barriers are almost non-existent for ransomware gangs.

Understandably, the demand for cybersecurity services has skyrocketed over the course of the pandemic. Looking at the security industry in the GlobalData Technology Intelligence Centre’s Deals database, the number of cybersecurity deals jumped from 557 in 2018 to 971 in 2020. As of Friday November 19, the database had recorded 823 cybersecurity deals in 2021. Those deals included venture financing, equity offerings, acquisitions, private equity, partnerships, asset transactions, debt offerings and merger deals.

Should you pay ransoms?

The news comes just months after the former head of the NCSC, Ciaran Martin, told Verdict that cyber insurance models must be fixed to avoid organisations being incentivised to pay ransoms.

UK Home Secretary Priti Patel has also discouraged companies from paying ransomware gangs’ fees.

“Paying a ransom in response to ransomware does not guarantee a successful outcome,” Patel said in May. “It will not protect networks from future attacks, nor will it prevent the possibility of future data leaks. In fact, paying a ransom is likely to encourage criminality to continue to use this approach.”

To fight back against the scourge of ransomware gangs, Martin said a “serious discussion” must be had about whether banning ransomware payments would work.

Martin also suggested that lawmakers should explore the regulation of cryptocurrencies, which at the moment allow criminals to collect ransom payments (largely) out of the reach of law enforcement.

Verdict deals analysis methodology

This analysis considers only announced and completed deals from the GlobalData financial deals database and excludes all terminated and rumoured deals. Country and industry are defined according to the headquarters and dominant industry of the target firm. The term ‘acquisition’ refers to both completed deals and those in the bidding stage.

GlobalData tracks real-time data concerning all merger and acquisition, private equity/venture capital and asset transaction activity around the world from thousands of company websites and other reliable sources.

More in-depth reports and analysis on all reported deals are available for subscribers to GlobalData’s deals database.