Crawford & Co, Coinnect foresee ‘resurgence’ in cyber risks in 2023

Sponsored Content

After a tail-off in instructions in 2022, Crawford & Co and ransomware specialists Coinnect are looking ahead to a resurgence in cyber risks in 2023.

Paul Handy, global head of cyber risks for the company, told CyberInsurer.com that he expects threat actors in Russia and Ukraine - currently engaged in attacking each other - to turn their attacks towards their previous targets in the global West.

“This year, we've seen a massive tail-off in instructions,” Handy told CyberInsurer.com “As a general rule of thumb, I would say we've received half the number of instructions we received in prior years and that's not to do with our relationships. In actual fact, we're in a business where we have grown our relationships and opportunity during this period. It's to do with the market.”

In 2023, he predicts, attack vectors will be broader, with more phishing activity, social engineering, and potentially also more malware related activity. And ransomware will also see a resurgence.

Massimiliano Rijllo, chief executive of Coinnect, a cyber insurtech start-up and a Crawford partner for cyber technical services, shared recent data with CyberInsurer.com on ransomware attacks extracted from the darkweb using Coinnect proprietary technology. The data is viewable below:

Within Europe, the UK remains the most victimised country, with 16.6% of total attacks. This is closely followed by Germany, which had only 16.1% of attacks despite its slightly larger economy. Italy was the recipient of 13.9% of attacks.

Professional, scientific and technical services remains the industry most hit by ransomware, following by manufacturing in second place.

Handy believes that, generally, the cyber insurance market will see claims tick up at a time when many market participants have taken advantage of sharply higher rates to write more business.

“I think we're now moving into a more competitive market space where we're going to see more volume and more products being underwritten and bound,” he said. “And I think we're also expecting to see claims levels returning to a normal level. It won't necessarily return to the [very high] 2020/2021-type level but I think we will see more claims in the market.”

Rijllo believes this is a turning point for the market: “Insurers are struggling to technically assess and understand cyber risk,” he said. “Premium rates are completely different depending on the insurance company and its perception of the risk. I see a 2023 where insurers will start using technical tools for a proactive approach to risk monitoring. A questionnaire is not enough and insurers must continuously assess the risk of their insured clients” 

Handy also believes that loss adjusters are becoming a much more important part of the equation. Over recent years, he said, the insurance industry has been very focused on the incident response component of their offering, to the detriment of claims management.

“Loss adjusters are in a sweet spot of being able to shape cyber. For many years the industry has been very focused on the incident response component - what I refer to as the shop window - and arguably they were so focused on that, that they forgot about the claim,” he explained. “Everybody spent lots of money on incident response and they got their fingers burnt because they weren't controlling the claim. Now, we're in a position whereby control of cost is becoming more and more relevant.”

Rijllo highlights as the last and most relevant trend he sees is the bundling of technical services for cyber risk mitigation within insurance policies.

“We are working with different insurance companies to bundle our cyber insurtech platform as an integrated proposition. The advantage is for both clients and insurers, the risk is mitigated, the price of the coverage reduced, claims are significantly contained in terms of number and cost of the single event”.