Wirehouses are among the “high value” targets for cybersecurity attackers, who are believed to have increased their activities since the onset of the Ukraine war — which could impact firms’ cyber insurance costs, according to a technology analyst.
Russia’s invasion of Ukraine in late February sent shockwaves around the world and ramped up concerns about cybersecurity threats to major U.S. corporations.
“Russia’s invasion of Ukraine could impact organizations both within and beyond the region, to include malicious cyber activity against the U.S. homeland, including as a response to the unprecedented economic costs imposed on Russia by the U.S. and our allies and partners,” the U.S. Government’s Cybersecurity and Infrastructure Agency wrote on its website.
“Evolving intelligence indicates that the Russian Government is exploring options for potential cyberattacks. Every organization — large and small — must be prepared to respond to disruptive cyber incidents,” the agency added.
There are two major cybersecurity issues related to Russia’s invasion of Ukraine, according to Charles King, principal analyst of technology research firm Pund-IT.
“One is that hacktivists and cybercriminals will take sides and attack businesses and government entities on one side or the other,” King said. “The other is that Russia will leverage its own substantial state-directed cyberattack capabilities against the U.S., NATO [North Atlantic Treaty Organization] members and other entities involved in sanctioning its behavior in Ukraine.”
Set against this backdrop, major financial institutions such as Merrill Lynch, Morgan Stanley, UBS and Wells Fargo are “high value” targets, according to King.
“Given the size of the payouts cyber insurance underwriters have made over the past two to three years, it seems likely that they will raise the cost of policies to address those increased risks, especially for companies likely to be targeted,” King said.
“In addition, it would not be surprising if underwriters demand that customers provide substantial evidence of measures taken to protect their organizations or limit coverage to businesses that are not being as diligent or proactive as they should be about security and cyber protection measures,” he added.
Cyber insurance costs were spiking even before Russia launched its invasion of Ukraine. In the U.S., sparked by ransomware, cyber insurance pricing rose 131% during the fourth quarter of 2021, according to data from insurance broking and risk management firm Marsh.
When contacted about cyber insurance costs, spokespersons for Wells Fargo and Morgan Stanley directed FA-IQ to the Financial Services Information Sharing and Analysis Center. Merrill parent Bank of America and UBS declined to comment for this story.
The FS-ISAC is a cyber intelligence sharing community focused on financial services. The U.S. based group has offices in the U.K. and Singapore and members in around 70 countries. The members represent over $35 trillion in client assets, according to the group’s website.
Cyber insurance costs have been rising for a number of years, largely due to ransomware, according to Ray Irving, managing director, global business services at the FS-ISAC.
“Cyber insurers have responded by increasing their premiums, tightening coverage terms, introducing ransomware payout limits, and adding clauses that remove liability for attacks by nation-states,” he said.
Defining Bad Actors
However, in some cases there can be difficulties of attribution because nation-state actors and cybercriminal groups increasingly collaborate, according to Irving.
“For example, a policy may have a nation-state exclusion, but the attack is carried out by a criminal group affiliated with a nation-state,” Irving said. “Cyber insurers are now also scrutinizing policyholders’ cyber and resilience strategies and systems more closely than ever and may deny cyber insurance to firms seen to have lax cybersecurity.”
The definition of who is behind an attack is important, according to Tom Johansmeyer, head of Property Claims Services at data analytics firm Verisk.
“State activity can mean a lot of different things,” Johansmeyer said, noting that attacks could be the work of a state actor, state-sponsored or the result of state accommodation. “State accommodation is more akin to what we are seeing in the ransomware environment where groups have got the tacit permission of a state entity,” he said.
The Ukraine conflict, according to Johansmeyer, is just one factor feeding into the broader price environment for cyber insurance.
“Worldwide cyber insurance premiums increased 10 percent last year, according to our loose calculations,” he said. “Ransomware was probably the driving force behind some of that.”
The financial services industry experienced a spike in ransomware during the Covid-19 pandemic, according to a report released last year by cybersecurity firm CrowdStrike.
While the ransomware threat may have diminished somewhat in recent weeks, Verisk’s Johansmeyer expects it to return.
“From what my market sources tell me, there has been a dip in ransomware that started before the conflict and has continued through the conflict to date,” he said. “There’s also a sense that when the kinetic phase [of the Ukraine war] comes to a substantial conclusion, after that, [ransomware] will really heat up again.”
Do you have a news tip you’d like to share with FA-IQ? Email us at email@example.com.