The changes follow a challenging year of hackers using malicious programs, known as ransomware, to take down systems that control everything from hospital billing to manufacturing. They stop only after receiving increasingly hefty payments.
The attacks happened less frequently in 2019, but the problem remains significant, cybersecurity experts said.
"Ransomware is more sophisticated and dangerous than we saw in the past," said Adam Kujawa, director of Malwarebytes Labs.
There were 6% fewer ransomware incidents in 2019 versus the prior year, according to Malwarebytes. However, attacks are now designed to spur deeper and more lasting technological problems, with hackers demanding bigger sums.
The average ransom of $41,198 during the 2019 third quarter more than tripled from the first quarter, according to Coveware, which helps negotiate and facilitate the payments.
Ransoms are becoming disproportionate to the size of targets, said Kelly Castriotta, Allianz SE North American head of product development for financial lines. Hackers frequently pursue mid-size companies and other organizations that are less technologically adept, but also have less revenue to cover big ransoms.
"You'd expect a ransomware demand that you can pay," Castriotta said.
The U.S. rate increases underscore broader global ransomware problems from which no company is immune.
Ransomware recently crippled foreign-exchange firm Travelex Ltd's [TRVLXP.UL] systems for weeks, leaving staff to serve customers with pens and paper. Hackers demanded $6 million, the BBC reported. Travelex declined to comment.
Another attack in December paralyzed the Albany County Airport Authority's administrative computers. It had to pay $98,705.96 in Bitcoin to get the system unlocked, a spokesman told Reuters. Its insurer, Chubb Ltd, covered the ransom, he said. Chubb declined to comment.
Cyber-insurance premiums started rising 5% to 25% late last year, said Robert Parisi, U.S. cyber product leader at Marsh & McLennan Companies Inc.
He called the increases "dramatic" but said insurers have not scaled back coverage.
Cyber policies often cover not just ransom, but data recovery, legal liabilities and negotiators fluent in hackers' native languages. Some insurers are considering changes, given the rising costs.
Allianz is looking into price adjustments and whether ransomware should be a separate product from general cyber coverage, Castriotta said.
Zurich Insurance Group is more likely to underwrite firms that have added network features to prevent attacks from spreading through systems, said its chief risk officer, Peter Giger.
Sompo International is reviewing criteria for businesses that have been most vulnerable to ransomware, said Brad Gow, global cyber product leader.
Insurers including Sompo may also lower amounts they pay for ransomware attacks against higher-risk companies or shift to coinsurance, in which policyholders would pay 20% to 30% of ransomware claims, Gow said. They might also require those policyholders to have data-backup procedures.
Gow compared potential changes to requiring airbags or sprinkler systems.
"We can drive a win-win by helping our clients become better protected," he said.
GRAPHIC - Global threat from ransomware: https://fingfx.thomsonreuters.com/gfx/editorcharts/CYBER-INSURANCE/0H001QXWXBGK/index.html
By Suzanne Barlyn