Prior to 2019, most ransomware attacks were mass-target attacks seeking nominal ransom amounts. Victims were likely to pay the ransom to regain access to their data.

In 2020, things changed. Cyber criminals began more targeted attacks aimed at the low-hanging fruit from which they could extract higher ransom payments.

"Healthcare, retail, public entities, public schools, community colleges and government organizations were all targeted as low-hanging fruit by cyber criminals across 2020 and 2021," said RPS Area Senior Vice President Bryan Dobes. "But those attacks were typically conducted in-house by an organization in a vertically oriented attack with a specific entry point."

Ransomware-as-a-Service Is Changing Cybercrime

Today's ransomware attacks, however, are much more sophisticated. Ransomware-as-a-Service (RaaS) — a model in which criminal organizations sell subscriptions to their ransomware software — is expected to be one of the biggest threats to the Cyber market over the coming years.

"Ransomware firms are now effectively licensing out proprietary ransomware software, leading to much wider-scale attacks with more potential facets," Dobes said. "This makes it much less likely that an organization — or even a cybersecurity firm — will be able to pinpoint exactly how an attack is developing."

The more sophisticated nature of these attacks has also led to a change in the way cybercriminals are approaching the negotiation aspect of a ransomware attack.

"These new threat actors have effectively ended the negotiation phase of an attack," Dobes warned. "They are now often adopting a take-it-or-leave-it approach: if you don't pay the initial ransom — or you involve a third-party forensics firm — they simply delete your data or sell it on the dark web."

Business Interruption Is the New End Game

Looking to the future, ransomware attacks are diversifying. Rather than solely targeting data and charging a ransom to prevent its publication on the dark web, attackers are instead focusing on attacks that take down systems and prevent businesses from operating. As a result, traditionally unaffected sectors are now set firmly in the crosshairs of these cyber criminals.

"Manufacturing is starting to face a much bigger threat from cyber criminals, because while the sector doesn't usually hold a lot of data, it has a very large business interruption risk," noted RPS Area Assistant Vice President Zach Kramer. "I've seen cases where there have been $800,000 to $1 million ransom demands following an attack, and then an additional $2 million to $3 million in business interruption losses.

"Where historically manufacturing has been quite inexpensive for Cyber coverage, we're now seeing a situation emerging where some insurance carriers simply will not cover that sector altogether."

The response by insurers to this changing threat has been widespread and rapid, with a number of exclusions fast becoming commonplace in the market.

Kramer warned that many of these exclusions could appear inconsequential at first, and he advised agents and brokers to look deeper into the wordings of the policies they're considering.

"A lot of the general mandatory endorsements can appear innocuous at first," he said. "But look closer, and they can include significant implications for a policy."

Learn more about what's next for the Cyber industry in the RPS 2023 U.S. Cyber Market Outlook.
