Aon launches Ransomware Defence to address growing challenges around cyber insurability

Cyber Insurance

Aon launches Ransomware Defence to address growing challenges around cyber insurability

14 October 2021

Insurers are experiencing mounting losses, largely driven by the proliferation of ransomware, with the frequency of events up nearly 500 per cent since 2018. The increased frequency and severity have driven significant rate increases and led to more difficult insurance placements and renewals in the cyber insurance market. To combat increasing losses, insurers have begun evaluating whether their insured have instituted adequate security controls. An unfavourable evaluation will most likely lead to a company being uninsurable. While larger organisations may have more sophisticated security controls in place, many mid-market organisations across UK and EMEA are failing to demonstrate adequate preparedness. This makes them both more vulnerable to threats and can lead to very difficult, if not impossible, cyber insurance placements.

Ransomware Defence brings Aon’s cyber security expertise and capabilities together into one solution to help mid-market organisations improve and demonstrate their cyber preparedness. This offering can help a client mitigate their risk of a ransomware attack while also facilitating their cyber insurance placement. The offering includes an Attack Surface Assessment, External Threat Scanning, Cyber Attack Simulations and an Incident Response Readiness Assessment.

Richard Hanlon, Chief Commercial Officer, EMEA, for Aon’s Cyber Solutions, says, “Ransomware incidents are becoming more frequent, sophisticated and targeted, while ransom demands themselves are growing. These dynamics are leaving many businesses more exposed to cyber threats and unable to get the essential insurance coverage they need in response to an event. By launching Ransomware Defence, we will proactively provide clients with a comprehensive solution to address these challenges.”

Closer to home, South Africa has seen an influx of cyber insurance requests following the introduction of POPIA. But according to Zamani Ngidi, Cyber Solutions Client Manager at Aon South Africa, client risk maturity levels are not aligned with requirements from insurers, especially in the mid-size market space. “Our Ransomware Defence seeks to remediate insurer requirement challenges and address the fact that there has been a considerable increase in ransomware attacks in the past 18 months, largely attributable to the mobilisation of the workforce in the wake of the COVID-19 pandemic. Most entities were not ready for the rapid shift to a remote and lean workforce, and criminal threat actors exploited this. This makes the Ransomware Defence offering more relevant than ever in this increasingly volatile threat environment,” he explains.

To provide further guidance on increasing security and improving cyber insurability, Aon has also launched a new guide, Ransomware Defence Recommended Practices. This guide includes a checklist to help determine the ransomware defence maturity level and preparedness of an organisation, helping them to navigate new forms of volatility and shape better decisions that address this long-tail risk.

Aon has responded to some of the most high-profile incidents in the last decade[1], managed more than 2,000 cyber claims globally since 2012 and placed over USD 1.3 billion in cyber premiums in 2020.

Tracie Thompson, Head of Commercial Risk, EMEA, at Aon, adds: “We are experiencing a cautionary approach to insuring cyber risks by a majority of insurers; through Ransomware Defence we can help organisations increase their level of security and provide more accurate assessments of their defences, lowering the likelihood of successful attacks and positioning them strongly to access the insurance they need.”

More information about Ransomware Defence is available here.

[1] [1] McMillan, Robert and Ryan Knutson. “Yahoo Triples Estimate of Breached Accounts to 3 Billion.” The Wall Street Journal, 3 October 2017; Finkle, Jim and Anya George Tharakan. “Yahoo says one billion accounts exposed in newly discovered security breach.” Reuters.com. 14 December 2016; Volz, Dustin and Jim Finkle. “U.S. senator seeks SEC probe of Yahoo disclosure on hacking.” Reuters.com, 26 September 2016.