Advisen FPN

Advisen Cyber FPN - Friday, December 18, 2020

As ransom payments double, Beazley warns: 'Organizations need to make it hard for threat actors'


As ransom payments double, Beazley warns: 'Organizations need to make it hard for threat actors'

By Erin Ayers, Advisen

Ransom payments for the first six months of 2020 doubled compared to 2019, as ransomware events reached “new levels of complexity,” according to the latest Beazley Breach Insights report.

“In an incredibly challenging year in which ransomware has become the biggest cyber threat to impact individuals and organizations alike, the severity of ransomware attacks has continued to escalate,” said Paul Bantick, Beazley’s global head of cyber and technology. “Our underwriting, claims and threat intelligence database shows that ransomware attacks are much more sophisticated and severe, thus, it is critical that organizations adopt a layered approach to security and take stringent measures to make it hard for threat actors at every step.”

Instead of merely locking up a system temporarily, threat actors now typically spend much more time on reconnaissance, infiltrating systems and targeting backups and exfiltrating sensitive information. Once armed with an organization’s critical data, they have the leverage to demand much higher sums in return for decryption keys.

While the number of ransomware events reported to Beazley’s in-house breach response team, BBR Services, in 2020 has not exceeded those seen in 2019, claim severity has risen.

According to the latest Beazley Breach Insights report, published today, the total cost of ransom payments doubled year-on-year through the first six months of 2020, based on incidents reported to BBR Services.

Beazley cited one recent incident where an automotive group was hit with eGregor ransomware that encrypted employees’ personal information and compromised backups. The hackers demanded $500,000, but Beazley’s claims team negotiated the sum down to $50,000.

There are ways to deter and disrupt cybercriminals before they enact their extortion plans, according to the specialist insurer. Employees need to understand how to avoid phishing emails and backups need to be secure, tested, and offline, among other security steps.

“Organizations need to make it hard for threat actors at every step,” said Beazley in its report. “Cyber extortion is a process and there are many opportunities along the way to disrupt the criminals’ activities. Ransomware is avoidable but requires regular and thorough training of employees on how to avoid this evolving threat. Organizations should not only try to prevent a ransomware infection, but prepare in case they do get infected, through multiple layers of security, each reducing the risk and probability of ransomware.”

Editor Erin Ayers can be reached at

Philadelphia Insurance
Safety National