2. Data Breach ---> Ransomware
• Reduced market capacity
• Lack of market confidence
• Inadequate returns on capital for
given risk
• Policy Level Changes
• Rate increases (40-50%)
• Limit reductions
• Ransomware coinsurance/sublimits
• Increased retentions
3. Data Breach ---> Ransomware
• Revised underwriting guidelines
• Multifactor Authentication (MFA)
• Endpoint Detection & Response (EDR)
• Data Backup Procedures
• 3-2-1
• Data Backup disconnected and
off-network
• Credentials not connected to Active
Directory
4. Systemic Risk Concerns
• One event – multitude of losses
• Not Petya
• Solarwinds
• Microsoft Exchange
• Inadequately controlled in existing
underwriting portfolios
• Exposures need to be moved off balance
sheet (e.g. Flood/Earthquake)
5. The Path Forward
• Eliminating the profit opportunity
– Keeping cyber crime under control
• Executive education and understanding
• Resolving systemic risk issues