Auxiom brings you Big Reports in 5 Minutes! Join Earl Duby as he discusses the latest findings from Howden’s fourth annual Cyber Insurance Update Report. Earl explains why ransomware is on another uptick in the tech conversation and how the insurance industry is responding with changing prices and policies.
Earl also breaks down crucial statistics including the rise in global ransomware attacks and the decrease in ransom payments, highlighting the unique challenges faced by small businesses. This episode delivers valuable insights into how people just like you in companies of all sizes can better protect themselves in an increasingly complex cyber landscape.
Transcript: All right, welcome back for our latest version of Big Reports in five minutes. We’re going to (0:07) talk about this report right here, which is from an insurance company in London, England, (0:12) a company called Howden. They come out, this is their fourth annual cyber insurance, (0:19) doesn’t really have a title, but it’s their cyber insurance update report.
So they’ve (0:24) done four of these. This one’s got some really cool graphics in it and I thought it’d be (0:29) interesting to just have the conversation about cyber insurance since ransomware is (0:34) kind of making its way back into the everyday conversation. Took a little bit of a break there (0:39) in 2022, but now it’s back in force and this report talks a little bit about why there was a (0:47) lull in ransomware in the 2022 time frame and then just what’s leading to it coming back.
(0:54) But the thing I think is more important is it talks a little bit about the insurance (0:59) industry itself and how the pricing is easing up. So like right away on page number two, (1:08) they talk about just the number of ransomware attacks and how it’s about 85 percent up from (1:17) where it was a couple years ago. And so there’s an interesting chart here that talks about, (1:22) you know, just in terms of the number of ransomware attacks, it’s definitely spiked (1:28) up in 2023.
But then there’s an interesting chart about the number of people that are (1:34) actually paying the ransomware. And so it shows that there’s a definite decline in the number (1:42) of people who are actually paying it while the amount of ransoms are increasing. So it’s a really (1:49) interesting report because it does show you that there isn’t a clear consensus of what’s (1:55) happening in the ransomware space as it comes to insurance.
(2:04) So if we look at this chart here, so this is a chart that shows a whole bunch of (2:11) different statistics that this Howden Insurance Company came up with. But right at the top of the (2:19) page, it shows 85 percent is the increase in the number of global ransomware attacks in 2023. (2:27) And it also shows a 16 percent or a 17 percent decrease in the number of victims that are (2:35) paying the ransom.
So I just thought that was kind of intriguing that as the number of attacks (2:41) are increasing, especially when you start to factor in double extortion and some of the (2:48) data exfiltration that is happening before the ransomware attack happens, you’re actually seeing (2:55) fewer people paying, which is kind of counterintuitive to the way that I would think about it. (3:01) But when you talk about this little decline that happened in ransomware attacks in 2022, (3:07) these guys are attributing that to the Russian invasion of the Ukraine. So they’re (3:15) and maybe this is common knowledge, I don’t know, I didn’t really make this connection, but (3:20) they’re saying that because Russia invaded Ukraine, all of the ransomware attackers, (3:29) those ransom gangs were all diverting their attention to attacking Ukraine.
And meanwhile, (3:35) other groups were then counterattacking Russian ransomware gangs. And so everyone was getting (3:44) preoccupied with the war in Ukraine and doing all the cyber attacks that were going on there, (3:49) and that led to a decrease in ransomware attacks. But now apparently, even though the war is still (3:55) going on, those people got bored with what they were doing and are now going back to ransomware (4:01) attacks.
So just be aware of that. This chart right here is the one I really wanted to bring (4:12) up though, and so I want to spend a little bit of time here. So this is talking about the (4:16) distribution of ransomware attacks by company revenue size.
And so, you know, a lot of small (4:23) businesses think that ransomware is only a big company problem. But as you look at this chart (4:31) here, it’s clearly skewed towards the smaller end of the revenue band. So you got zero to (4:39) 10 million and 10 to 20 million.
Those companies are significantly being attacked with ransomware (4:49) by ransomware actors. So, you know, this notion that this is something that only Fortune 500 (4:55) companies have to deal with, we really got to get past that stigma because zero to 10 million, (5:02) a ransomware attack can probably put that company out of business, you know. So (5:09) either they’re going to steal their data, they’re going to interrupt their operations, (5:14) or they’re going to take a significant portion of their revenue as the payment.
So if you’re a (5:21) CEO or an owner of a company that is between zero and 20 million dollars, (5:27) you should look at this chart and understand that you are a big target for ransomware actors, (5:35) just because they know that you have fewer defenses than a lot of these companies at (5:40) the other end of the spectrum who spend millions of dollars on defenses. And when you take that (5:48) and you couple it with another chart that they have later in this report, so let me skip ahead (5:55) here because I think these two tie together pretty tightly. So here they’re showing a chart (6:03) that’s broken down by big enterprise and small enterprise.
And so what they’re saying is a large (6:10) enterprise is anyone over 100,000 employees or 5.5 billion in revenue. A small business is (6:19) under 250 employees or under 250 million in revenue. And they’re saying here that less than (6:27) 25 percent of companies that fit into one of those two buckets, so whether it’s 250 million dollars (6:35) in revenue or 250 employees, roughly 25 to 21 percent of companies have a cyber insurance policy.
(6:46) So while those are some of the most attacked companies, they’re also some of the least (6:51) protected companies from a cyber insurance standpoint and a ton of other defenses if you (6:58) really want to investigate other defenses that those companies don’t have. So you know hopefully (7:04) you know there’s a few small business owners that are watching this that this is a little bit of a (7:09) wake-up call that we really have to start focusing on shoring up the defenses and getting some of (7:16) those cyber protections in place because those attacks are out there and they’re gunning for you. (7:25) Then another chart that I thought was pretty interesting, let me find it here, yes.
So this (7:32) chart talks about the estimated economic distribution from major ransomware attacks. So (7:38) what they’re trying to show is the economic impact of a ransomware attack and this one this shows it (7:45) by industry. So you have health care, education, pensions, but what I want to focus on is not so (7:51) much the industry but just on the distribution.
So the red box is the first person cost. So the (8:01) actual company that is being attacked, what percentage of that overall cost is being borne (8:08) by that company versus the third party which is all your customers, clients. You can clearly see (8:13) that the lion’s share of the economic cost is borne out by third parties as opposed to the actual (8:22) company that is hit.
So you know as you’re thinking about this you know all of that stuff in the (8:28) pink or the light shaded color there that is your reputation. That is the impact to your (8:36) reputation for you being hit and you know and brought you know to your knees because of a (8:42) ransomware attack. So just also keep that in mind as you’re going forward. So you know there’s a ton
(8:50) of other information in here and I think it’s a really good report to read and if you’re a small (8:55) business owner you really should take the time to read this because you know they’re talking to (9:01) you about getting proper cyber insurance in place and the fact that cyber insurance is down about (9:07) 15 percent from a year ago says it’s a little bit more affordable than it was. Now you got to look (9:13) at the chart. There’s a pretty good chart on page 45 that just shows historically how much the (9:22) price of insurance spiked up and then now you see it easing a little bit.
So you know you might be (9:28) able to step back into the cyber insurance market you know because of the prices easing up. But I (9:34) think overall good report here. Lots of good information.
You should be getting cyber insurance (9:40) if you don’t already have it. If you need help with that give us a call here at Auxiom. We can (9:46) help you size out and you know find the right insurance.
We can help you find insurance brokers (9:53) that you can work with. So give us a call and we can help you out. Otherwise read the report (10:00) and it’s a rough world out there so stay safe.
Thanks.