Insurance companies have noted that ransomware continues to increase in frequency and severity. Ransomware-as-a-service makes it easier from criminals to use, and some are sophisticated enough to hack companies' financial information including their insurance policies. A few years ago ransom demands were mostly $25,000 or $50,000; now six or seven figure demands are not uncommon. While cities and large firms get most of the publicity, small businesses are targeted because their defenses are weak.
Faced with rising costs and low premiums, insurers may be placing sub-limits on coverage for ransomware if not already part of their policies. They may also apply stricter terms for securing data and reporting threats.
On your next Cyber renewal, check policy limits and sub-limits terms and conditions. More important, build as much security into your system as possible and stay alert for scams.
Update: On 1/22/20 Reuters reported insurers are increasing rates for cyber insurance by up to 25% as ransomware exposures increase. While the number of incidents declined by 6% in 2019 according to Malwarebytes, the average ransom more than tripled from the first to third quarter of the year. Hackers frequently target mid-size companies with less defenses but also less revenue. Unless these companies have cyber insurance including ransomware, inability to meet demands and restore service can lead to ongoing problems and even bankruptcy.
In addition to rate increases, insurer responses may include coinsurance and requiring policyholders to have better data protection systems.