A look ahead: Cyber Claims in 2020
By Eric Lidman, Assistant Vice President, Professional and Cyber Liability
Looking toward 2020 (and beyond), phishing scams designed to provide hackers access to cloud-based Microsoft Office 365 accounts are increasing at an alarming rate, as cybercriminals recognize the wealth of corporate and client information they can harvest once such accounts are compromised. As long as email remains an essential business tool, phishing schemes will continue to evolve in 2020 and beyond, resulting in significant insurance claims.
Ransomware attacks follow close behind phishing as a substantial source of cyber claims (though the two are often linked). However, their overall number has decreased in 2019 as cybercriminals focus fewer attacks on larger businesses, which are more likely to pay ransoms than risk extended interruptions of crucial operations.
Ransomware attacks are increasingly targeting government entities that perform essential public functions, but are generally perceived by hackers to lag behind the private sector in terms of cybersecurity protection. For example, ransomware attacks on U.S.-based state and local governments continue to make headlines and result in significant insurance claims, with no end in sight. In September, over 20 Texas government entities were subject to a coordinated ransomware attack. Similarly, the City of Baltimore was subjected to a highly publicized ransomware incident in May 2019, which resulted in the loss of considerable data. Other such malware attacks in 2019 targeted small cities in Florida, Georgia and New York; school districts in Louisiana; the court system in Philadelphia; and countless similar entities across the U.S. (and around the globe). These government-focused ransomware incidents will continue to drive cyber claim activity through the remainder of 2019 and into 2020 (especially as national elections approach and voter databases and voting systems emerge as high-profile, time-sensitive targets).
In addition, the ripple effects of the EU’s General Data Protection Regulation (GDPR) are finally starting to reach cyber carriers, as subject companies begin responding to stricter breach disclosure requirements and regulatory inquiries. These claims will certainly see an uptick in 2020.
Examining 2019 cyber claims activity from an industry perspective, professional firms (phishing), financial services (increased use of poorly-protected third-party vendors), manufacturing (ransomware) and retail (point-of-sale malware) lead the pack, with the aforementioned public sector coming on strong.