Decline in Cyber Insurance Claims: Good News, or Just a Sign of the Times?
Last week Corvus released their Risk Insights Index for 2021 Q4, and it showed a decline in cyber insurance claims. From Q4 2020 through to Q2 2021, there was an increase in ransomware claims. But then in Q3 2021, there was a drop of 50%. Corvus said that this was due to a shift in how organizations were looking at cybersecurity, but we believe it might be more than that. Michael Hill at CSO Magazine spoke with various people in the cyber insurance industry, and all were hopeful that this signaled the start of a new era, where insurers work alongside cybersecurity services to minimize policyholders' exposure to ransomware attacks or other cybersecurity issues by initiating risk mitigation strategies.
While we are hopeful that this drop is based on the increased security posture of our clients, we want to urge caution.
Law Enforcement Actions
This week brought confirmation that the US government, alongside other nations, hacked and crippled one of the most well-known ransomware gangs, REvil (aka Sodinokibi). Lisa Vaas in Threatpost breaks down the timeline of law enforcement’s hack on REvil’s payment site, chat site, and negotiation portal in July 2021. Even the recent dark web activity attributed to them is now thought to have been law enforcement trying to catch their associates.
BreachQuest’s own Jake Williams said in this CSO article: “Given the law enforcement actions against REvil and saber-rattling by the US government, it’s not surprising that ransomware claims have dropped off in Q2 and into Q3. The statistic that ransomware claims involving payment dropping in Q3 are undoubtedly correct, though there may be some misattribution of the cause.”
From Russia with Love
In July 2021, President Biden had a telephone conversation with President Putin. “I made it very clear to him that the United States expects when a ransomware operation is coming from his soil, even though it’s not sponsored by the state, we expect them to act if we give them enough information to act on who that is,” Biden said. Jake Williams explained it best to Jonathan Greig from ZDNet in July: “The Russian government didn’t care about the cybercrime occurring within its borders as long as it didn’t impact Russia itself. That has clearly changed – the Russian government can clearly see they are being impacted by the actions of these actors.”
On October 15, the Office of Foreign Assets Control issued an advisory outlining the risks of paying ransoms. We outlined it in detail in “Breaking Down Recent Updates in the US Treasury’s Fight against Cybercrime.” With the federal government paying such close attention, stakeholders increasingly ask whether they face potential liability by paying. BreachQuest does not make ransom payments, preferring instead to utilize our Remediation and Recovery team to address ransomware incidents. For those situations where payment is required, BreachQuest partners with reputable payment organizations, though OFAC’s guidance has undoubtedly modified our clients’ decision calculus.
Only Time Will Tell
While we want to remain optimistic, the 50% decline in cyber insurance claims from ransomware in Q3 2021 seems less and less likely to be due only to a change in the data security posture of policyholders. It seems far more likely to be the result of a perfect storm of the above scenarios.