Skip to main content
Article | FINEX Observer

FINEX Observer: Cyber year in review

Cyber risk

Financial, Executive and Professional Risks (FINEX)

December 15, 2020

In our review of 2020, we explore the impact of COVID-19 on cyberrisks and its lingering effect into 2021.

The past year in cyber risk has been like no other. It seems like ages ago when we were addressing the ongoing challenge for first-party property damage lines of business and the problem of silent cyber accumulation back in January and February. These were the final two articles in our series on silent cyber, a topic important to address as more and more carriers in other lines, especially property and general liability, are explicitly excluding claims and losses which arise from cyber incidents. We recently explored the topic even further by addressing the convergence between general liability and cyber insurance in light of the first reported patient death due to a ransomware event at a German hospital.

Everything changed in March due to COVID-19. Inquiries relating to how an organization’s cyber policy would respond to a claim or loss arising from COVID-19 flooded in, as numerous cyber risk considerations rose to the forefront across all industries. Cybercriminals began preying on the widespread fear COVID-19 created and we saw a plethora of ransomware infections and malware as a result. Organizations became more technologically susceptible to cyber intrusions due to employees working remotely, logging in from less secure networks and using less secure hardware. We issued several client alerts on these new exposures and addressed how cyber insurance could be triggered by COVID-19 related claims and losses, considered the people side of cyber risk amid COVID-19, examined the resulting phishing evolution and discussed remote access in the age of COVID-19.

Ransomware incidents were already on the rise in 2019 and in early 2020, even before COVID-19 hit and are now wreaking havoc on cyberinsurance premiums and capacity. The COVID-19 pandemic created a “perfect storm” for cybercriminals looking to profit off of all kinds of cyber incidents, as mentioned above, but especially ransomware attacks. Ransomware has lead numerous cyberinsurance markets to rethink their cyberinsurance underwriting as a whole, including but not limited to adding new security related questions to their cyberinsurance applications, considering sub-limiting ransomware coverage or even excluding coverage for ransomware incidents altogether. According to our Willis Towers Watson proprietary claims data for the first half of 2020, ransomware accounted for 20% of all claims reported, up from 11% during 2019. Cybercriminals have been targeting businesses of all kinds and sizes with increasingly sophisticated ransomware attacks which carry the potential to prevent an organization from accessing their entire electronic infrastructure. In addition to seeing an explosion in frequency, we have witnessed a significant uptick in the severity of ransomware payments, regularly reaching into the eight figure territory.

Given that the human element continues to be the leading cause of cyber loss, contributing to 64% of the claims included in the first half of our 2020 Reported Claims Index, it should not be surprising to learn that human error is often the root cause of many ransomware attacks. These attacks often use social engineering schemes to trick unsuspecting individuals into providing information or taking an action, which results in malware entering an organization’s network. To shine a spotlight even brighter on ransomware, on October 1, the Department of the Treasury’s Office of Foreign Assets Control (OFAC) issued an advisory on potential sanction risks to organizations for facilitating ransomware payments. We discussed the potential impact of this advisory in a recent client alert.

As we head toward 2021, we expect COVID-19 to continue to reverberate and lead to increased cyberrisk for all of our clients. Even when we emerge from COVID-19, the cybersecurity landscape will never quite be the same given the likely permanent expansion of the attack surface due to the vastly larger population of remote workers. We analyzed this reality and the future of work in June. As we expect ransomware demands to continue to rise, the exposure will no doubt continue to be top of mind for clients, brokers and carriers. If anything, attacks could get worse, as bad actors are becoming more sophisticated and targeted with their attacks and constantly developing new strains of malware. Given the Department of the Treasury’s recent advisory, organizations will continue to face greater regulatory scrutiny over whether ransomware payments are being made to entities or individuals on the OFAC list. Further, what began with the European Union’s Global Data Protection Regulation (GDPR) back in 2018 and continued with the California Consumer Privacy Act, which went into effect in January of this year, we fully expect a new trove of CCPA like legislation in other states in 2021, as well as increased class-action litigation. These new regulations will only heighten exposures organizations are already facing surrounding the wrongful collection, retention and use of confidential information, as well as the failure to adopt specific privacy and security controls.


This Willis Towers Watson publication is not intended to constitute legal or other professional advice and should not be relied upon in lieu of consultation with your own legal and/or other professional advisors. If you would like additional information, please contact us. Some of the information in this publication may be compiled by third party sources, whilst we consider these to be reliable, we do not guarantee and are not responsible for the accuracy of such. The views expressed herein are not necessarily those of Willis Towers Watson. Willis Towers Watson offers insurance-related services through its appropriately licensed entities in each jurisdiction in which it operates, for example: Willis Towers Watson Northeast, Inc. in the United States, Willis Canada Inc., in Canada.


FINEX Cyber/E&O Thought and Product Leader

Contact Us