As we enter the second half of 2023, the cyber claims data in our Cyber Services Snapshots shows an uptick in ransomware incidents, with data exfiltration a key threat in the vast majority of cases. In addition to ransomware, our cyber services professionals are also still seeing a lot of unintended disclosure caused by manual employee error, as well as fraudulent instruction resulting from phishing.

Despite these trends, some of the security steps taken by our clients at our behest are now showing positive results. Just 24 to 36 months out from the beginning of our remedial period (from both an application perspective and a heightened underwriting posture), we are seeing that the increased controls we have mandated – specifically in longer and/or supplemental applications – are earning through.

What are the remedial steps that seem to be having the most impact?

Though the cyber insurance industry is still seeing significant incidence of business email compromise, the security steps taken by our clients appear to be working, as we have seen a decrease in ransomware incidents for the first time since 2021. It’s great to see that lasering in on the factors that result in reduced incidents for our clients, including email security mandates such as email multi-factor authentication (MFA), screening for malicious attachments/links, a quarantine service, sender policy frameworks, and sandboxing of suspicious emails, is yielding positive results for them.

Just nine months after our clients experienced their highest-ever percentage of Remote Desktop Protocol (RDP)-driven claims, the first quarter of 2023 revealed a drop in RDP claims to the lowest percentage we’ve seen since we began keeping records. This shift validates that the remedial steps we put in place to mandate RDP as a function of our wider Critical Vulnerability Management are also proving their effectiveness. We attribute this largely to increased awareness by clients that they need to diligently manage their remote connections and actively manage and install critical patches across internet-facing systems. These remediations are also supported by our cyber services team, helping to make us part of the security solution for our clients, well beyond simply being their capacity provider solution.

Emerging trends: What should we be protecting against next?

Though some emerging cyber trends are too fresh to be reflected in claims data just yet, new and evolving cyber and technology risks, from artificial intelligence and intellectual property theft to ransomware and systemic risk, are on the rise. The evolution of “initial access” cyber tactics has begun to push the industry to a place where attackers are slowly transitioning away from phishing. Cyber criminals are purchasing and weaponizing zero-day (or previously unknown) exploits, and internet-facing systems (i.e. systems which are accessed via the internet, including web applications, VPN gateways, cloud services, etc.) are key targets.1

To address the supply chain and software vulnerability that these circumstances create, we advise our clients to consider what software their organizations are dependent on and where it is embedded in their environment. We are focused on the risks – not only of cloud adoption, but also the immense growth that we're seeing in those outsourced technologies and the wider supply chain infrastructure as it relates to our clients.

Remediation can begin to have an impact even before the client relationship begins

Our clients benefit not only from our team’s understanding of the impact of remediation, but also from the fact that we begin the process of working with clients to put these methods in place before they even come in the door. Our underwriters understand application questions in context against the profile of risk and have the resources to fix high-stakes vulnerabilities during the application process, even before a policy is bound.

The technical acumen they bring to reviewing every application enables us to look holistically at clients and advise them on improving their risk profile to keep pace with the external cyber threat landscape. To see this now earning through in the form of decreased claim frequency and severity is a sure sign that our “long game” approach to mitigating cyber risk while servicing our clients is paying off.


The descriptions contained in this communication are for general risk management and preliminary informational purposes only. It is made available with the understanding that Beazley does not render legal services or advice. It should not be construed or relied upon as legal advice and is not intended as a substitute for consultation with counsel. The product is available on an admitted basis in some but not all US jurisdictions through Beazley Insurance Company, Inc., and is available on a surplus lines basis through licensed surplus lines brokers underwritten by Beazley syndicates at Lloyd’s. The exact coverage afforded by the product described herein is subject to and governed by the terms and conditions of each policy issued. The publication and delivery of the information contained herein is not intended as a solicitation for the purchase of insurance on any US risk. Beazley USA Services, Inc. is licensed and regulated by insurance regulatory authorities in the respective states of the US and transacts business in the State of California as Beazley Insurance Services (License#: OG55497).