This article will discuss the recent guidance issued by government regulators, including the recent New York Department of Financial Services' (DFS) framework with respect to insuring against cyber attacks, and their potential impact on insurance companies and insureds. This article will also discuss recent trends in the cybersecurity insurance market, including how insurance companies have tightened underwriting standards to help meet the challenge of insuring against this growing risk.

Recent Claim Trends in Cyber Insurance

On April 26, 2021, leaked data from the Washington, D.C. Metropolitan Police Department appeared online after the department was hit by a ransomware attack. The data that was posted online included screenshots of arrest records and internal memos. The group that claimed responsibility for the attack, Babuk, threatened to leak further data if their ransom demands were not met within three days, including information about police informants. Babuk claimed to have downloaded a total of 250 gigabytes of data. As of this writing, there is no information about whether the Metropolitan Police paid the ransom.

Ransomware attacks such as the attack on the D.C. Metropolitan Police Department have become all too common in recent years. Although it is widely known that ransomware attacks have exploded in frequency and severity, other forms of cyber-related claims also pose a significant risk. According to a study by cyber insurer Coalition, Inc., ransomware attacks were the most common type of cyber claims in 2020 (41%), followed by funds transfer loss (27%), and business email compromise incidents (19%). All of these risks have accelerated in light of the global COVID-19 pandemic, with many employees working remotely, giving hackers more opportunity to gain access to computer systems and sensitive information.