Ransomware accounts for a declining share of cyber claims among small to medium-sized insureds, although it is the third most common type of attack, a report published Thursday said.
In the first eight months of this year, fraudulent payments and social engineering scams accounted for more than half of cyber claims among small and medium-sized businesses, while ransomware accounted for just 16% of incidents, said Risk Placement Services Inc., a unit of Arthur J. Gallagher & Co., which based its information on proprietary RPS claims in its Cyber Market Outlook report.
But ransomware attacks today are more sophisticated, with ransomware-as-a-service expected to be one of the biggest threats to the cyber market, the report says.
Among other trends, more cyber regulation is expected, with states like North Carolina and Florida already acting to ban public entities from paying ransomware.
This will be an area of concern for public entities, with several insurers already pulling back from covering public entities, including in the K-12 public education sector, the report says.
The manufacturing industry has been the biggest target for cyber claims, accounting for 19% of the total, according to the report.
Themes expected to emerge throughout the rest of this year and next include cyber insurance programs and pricing that is more commensurate with risk; a potential return to an increase in the frequency of ransomware losses as the situation in Russia and Ukraine evolves; inconsistency in SMEs, with some markets cutting interest rates and easing issuance requirements and others continuing with a more disciplined approach; and a continued increase in social/tech financial fraud claims.
“We foresee innovative threats to critical infrastructure, financial platforms, operational technologies and cloud-based environments,” the report warns.