勒索软件：保险市场视角

July 2022Ransomware: Darren Pain,Director Cyber and Evolving Liability, The Geneva AssociationDennis Noordhoek,Director Public Policy & Regulation, The Geneva AssociationRansomware:An insurance market perspective 2www.genevaassociation.orgThe Geneva AssociationThe Geneva Association was created in 1973 and is the only global association of insurance companies; our membersare insurance and reinsurance Chief Executive Officers (CEOs). Based on rigorous research conducted in collaborationwith our members, academic institutions and multilateral organisations, our mission is to identify and investigatekey trends that are likely to shape or impact the insurance industry in the future, highlighting what is at stake forthe industry; develop recommendations for the industry and for policymakers; provide a platform to our membersand other stakeholders to discuss these trends and recommendations; and reach out to global opinion leaders andinfluential organisations to highlight the positive contributions of insurance to better understanding risks and tobuilding resilient and prosperous economies and societies, and thus a more sustainable world.Geneva Association publications:Pamela Corn, Director CommunicationsHannah Dean, Editor and Content ManagerPetr Neugebauer, Digital Media ManagerSuggested citation: The Geneva Association. 2022.Ransomware: An insurance market perspective.Authors: Darren Pain and Dennis Noordhoek. July.© The Geneva Association, 2022 All rights reservedwww.genevaassociation.orgPhoto credits:Cover page— Andrey_Popov and JMiks / Shutterstock.com ContentsForeword1.Executive summary2.Introduction3.An overview of recent ransomware attacks3.1Increased incidence and bigger ransom demands3.2New extortion tactics, techniques and procedures3.3Evolving ransomware ecosystem4.Societal challenges posed by ransomware4.1Economic externalities and moral hazards4.2Possible solutions and pitfalls4.3Lessons from kidnap & ransom insurance5.Re/insurer perspectives on ransomware and ransomware insurance5.1Banning ransom payments is a blunt, potentially ineffective instrument5.2Cyber insurance provides more than cover for ransoms5.3Involving experts leads to better outcomes for the insured5.4Insurance helps improve overall cyber hygiene standards5.5Governments and regulators must go further to counter ransomware attacks6.Concluding remarksReferences 3Ransomware: An insurance market perspective56811111315161617202222232424263032 4www.genevaassociation.orgAcknowledgementsWe wish to extend our gratitude to members and affiliates ofThe Geneva Association’s Cyber andPublic Policy and Regulation Working Groups, whose inputs were invaluable to the preparation of thisreport. Special thanks in particular go to the following colleagues for sharing their insights:•Paul Lloyd and Tanya Kitt (AIA)•Chuck Jainchill, Martin Hansen and Anthony Zobl (AIG)•Scott Sayce and Marek Stanislawski (Allianz Global Corporate & Specialty)•Max Broodryk and Hélène Chauveau (AXA)•Matt Silley and Dan Trueman (AXIS Capital)•Aidan Flynn and Paul Bantick (Beazley)•Matt Prevost (Chubb)•Paolo Madrussa (Generali)•Anika Stehr (Hannover Re)•Philipp Lienau (HDI Global)•Mary Fisk-Bieker (Intact Financial Corporation)•Neil Arklie (Lloyd’s)•Daniel Lamela Largacha and Oscar Taboada (MAPFRE)•Diana Keegan-Dickson (MetLife)•Martin Kreuzer and Panos Charissiadis (Munich Re)•Simon Dejung (SCOR)•Eric Durand, Tobias Wassmann and Sandy Codding (Swiss Re)•Kei Kato, Harriet Gruen, Daljitt Barn and Matthew McKinnell (Tokio Marine)•Marc Radice (Zurich Insurance) From Risk Transfer to Risk PreventionRansomware: An insurance market perspectiveOne ransomware attack targets a leading technology company, whose proprietary data startsappearing online. Another infiltrates an industrial powerhouse and brings global manufacturingto a halt. Yet another wreaks havoc on an entire country’s civil aviation. Two separate attackscompromise two different governments, crippling core services and their ability to protecttheir own citizens.And these were only in the first half of 2022.Ransomware attacks have become even more damaging, audacious and widespread overrecent years, with no obvious let-up on the horizon. The growth of this particular class ofcybercrime can be tied in part to ongoing digitalisation and society’s reliance on IT, whichthe pandemic only served to accelerate. Despite all the benefits of digital technology, theproliferation of ransomware is an unfortunate by-product.Extortion through ransomware is only one feature of the evolving cyber risk landscape, butits potential impact on victims and their insurers, who may underwrite associated losses,demands special attention. For re/insurers, the proliferation of ransomware attacks hasdriven up claims, which has prompted an increase in insurance premiums. Many ransomwarevictims may simply find it easier and less costly to pay the ransom demand than to endureinterruption to their businesses and/or incur costs to remove the malwar