TORONTO — Companies looking to purchase insurance against cyberattacks in which their data is held for ransom will soon find it more expensive and difficult to obtain, according to a cybersecurity expert.
Brent Arnold, a partner at law firm Gowlings WLG in Toronto, said Canada is facing a proliferation of criminal attacks that use software to lock up corporate data that can only be released by paying a ransom to get an encryption key.
In response, insurers are reducing coverage for sectors that are at high risk of ransomware attacks, such as health care and education, he said.
"So they're lowering the amount that they'll cover companies … and they're capping the amount that they will pay for ransom payout," Arnold said in an interview.
In addition, he said a U.S. study found that 73 per cent of insurance brokers and agents are declining more applications.
"And the other thing that we're seeing is that not only are they less willing to accept applications but they're doing a lot more due diligence and kicking the tires and who they prepared to cover," Arnold said.
"They're not just taking the applicants' word for it anymore. They're basically having professional firms audit them to make sure that they're as good as they say they are when they apply."
An index from the Marsh McLennan insurance group registered a 35 per cent year-over-year increase in U.S. rates in the first quarter of this year, following a 17 per cent increase in the previous quarter.
Katharine Hall, a cyber insurance expert at Aon Canada, said prices for coverage are definitely going up but the amounts depend on the profile of the customer, the nature of the policy and the insurer's appetite for taking on added risk.
"If you're a well-managed risk … (and) you've done all the things you're supposed to do, we are looking at a 25 to 35 per cent increase in terms of rate," Hall said in an interview.
For insurance customers that are considered more of a risk, increases of 50 to 60 per cent won't be uncommon, she added.
Insurance providers in other countries have become a prime target for criminals seeking its customers’ identities and scope of coverage. Knowing what victims can afford to pay can give them an edge in ransom negotiations.
The U.S. cyber insurance industry is now teetering on the edge of profitability, upended by a more than 400 per cent rise last year in ransomware cases and skyrocketing extortion demands. As a percentage of premiums collected, cyber insurance payouts now top 70 per cent, the break-even point.
— With files from The Associated Press
This report by The Canadian Press was first published July 8, 2021.
David Paddon, The Canadian Press