Sanction risk is a growing concern for policyholders and insurers as they face a rising stream of ransomware incidents and allegations, says an expert panel.
Michael Phillips, chief executive of Resilience Cyber Insurance Solutions, said that ransomware is no longer just a criminal nuisance for an individual company, but something that threatens national security.
Events such as the attack on the Colonial Pipeline or JBS's food processing plants have concentrated the minds of business leaders and the general public, but ransomware players are becoming increasingly sophisticated, says Phillips.
"They have developed a business model for ransomware as a service where they engage and specialize in discrete aspects, whether it is money laundering, malware development, finding the victims' potential vulnerabilities," Phillips said.
He spoke on Thursday during a webinar on cybersecurity and ransomware hosted by Business Insurance and sponsored by Resilience Cyber Insurance.
The risk of sanctions
Scott Godes, partner, co-chair-insurance recovery and advisory, at Barnes & Thornburg LLP, said that insurance companies take a very strict approach as to whether or not a sanctioned entity is involved, making the claims process more challenging for policyholders.
"As a regulated industry, insurers are concerned that they do not want to reimburse a policyholder for an amount paid to someone on the list of not flying," Godes said.
But "if there is even a proposal that someone is a sanctioned entity, whether credible or not, or if the proposal is withdrawn, carriers still say they will not back down from their position and they will refuse to make amends," he said.
This puts policyholders in a challenging position on how to prove a negative, Godes said.
Thomas Reagan, cyber risk practice leader at Marsh, said part of the challenge is that the underlying situations themselves are very complicated.
The issue of penalty payments is immediately apparent in insurance, but it applies to all parties, he said. "Your lawyer cannot advise you to pay penalties, your bank cannot withdraw the money, the post office cannot sell you a stamp in violation of sanctions on payment to foreign players," Reagan said.
More expertise will be used in this area in the future, Phillips said. "For victims, attribution is another complexity they need to find out when trying to get their business back on track as quickly as possible," he said.
It is important that organizations turn away from simple prevention to resilience, says Mr. Reagan. "Organizations need to be resilient, and that does not mean impenetrable or unremitting, it means flexible and adaptable and can bounce back," he said.
Ransomware is to some extent the inevitable downside of all the benefits of digitization, Reagan said. "When we come out of the pandemic, as much human tragedy as we have suffered, it would have been worse without technology. The way forward will be a digital one. The disadvantage is that organizations are increasingly exposed to cyber risk," he says.
Mr. Phillips noted that ransomware has been the main driver of frequency losses and serious business interruptions in recent years.
From 2019 to 2020, there was a "stratospheric increase in the average demand for ransom to hundreds of thousands for companies of all sizes, with demands of several million dollars becoming a frequent sight," he said. In recent times, there has been a slight decrease in average ransoms and a decrease in frequency, reflecting "perhaps some optimism on the horizon," he said.