Corvus Updates Scan with RDP Detection, Cuts Ransomware Claims by 65%
With version 2.0 of the Corvus Scan, Corvus works with Brokers and Policyholders to reduce Ransomware Claims.
Announcing the Corvus Scan 2.0
BOSTON, MA September 22, 2020 / Corvus Insurance, a leading provider of Smart Commercial Insurance products powered by AI-driven risk data, today announced the results of the first 20 weeks of its Corvus Scan version 2.0, including a dramatic reduction in ransomware claims both among new policies and its existing policy base. The new version includes detection of and alerting on Remote Desktop Protocol (RDP) vulnerabilities, the most common entry point for ransomware attacks, as well as other new features.
Ransomware claims account for 24% of all Cyber Insurance claims and have been growing in frequency and severity. The average ransom demand was $178,254 in the second quarter of 2020, up 60% from the previous quarter according to Coveware, a leading ransomware incident response firm. And more than half of all ransomware-related incidents started with a vulnerable RDP port.
Reducing Ransomeware Claims
Since the launch of the Corvus Scan 2.0 in April 2020, Corvus has written or renewed several thousand Cyber Insurance policies. The company’s overall rate of ransomware claims has dropped 65%, from 26% of all claims to a rate among the new policies of 9%. In fact, new policies have had zero RDP-caused ransomware claims during that time. Several Corvus policyholders did experience ransomware caused by other vectors of attack.
The Corvus Scan analyzes numerous IT security assets in order to provide actionable, prioritized IT security recommendations. In addition, Corvus alerts policyholders to new risk exposures that arise out of changes in the external environment or the policyholder’s internal defenses. The Corvus Breach Response team provides consultation with brokers and their policyholders to achieve the desired outcome of fewer claims.
“The results are staggering,” says Bill Siegel, CEO of Coveware, a leading ransomware incident response firm. “This initiative not only helps Corvus policyholders avoid attacks, but decreases the available supply of stolen RDP credentials on the dark market. A decrease in supply directly translates to an increase in cost to the cybercriminals. It’s a perfect example of how insurance can serve its primary purpose of financial risk transfer, while also nudging the entire cyber ecosystem towards a safer place."
“We’re excited to report on the success of this new initiative and are looking forward to continuing on its early momentum to further help the industry with the massive concern ransomware presents,” said Mike Karbassi, Head of Cyber Underwriting at Corvus Insurance. “We’re pleased with the early results and know that this type of vulnerability has historically been a pain point for our clients.”
This initiative comes on the heels of a year of accelerated growth at Corvus.
The rise of remote work and growing concerns over ransomware acted as partners-in-crime to get organizations to hone in on risk mitigation efforts over the past couple years. Through compiling our Risk Insights Index, we found that with certain initiatives — safer or reduced usage of RDP, growing use of email security tools, and other measures taken to limit the impact of threat actors — businesses are more prepared than a year before and ready to play defense. Those efforts are borne out in our finding that the rate of companies who pay a ransom when attacked with ransomware fell by half within a year.
The whisperings of “firming rates” start first, quietly in business meetings, then published in industry reports. Soon to follow, rumblings of a “hard market” are brought to the conversation. It’s cyclical in nature, and we see it across all insurance lines at one point or another. For years, Cyber Insurance stretched far and wide with “soft” market conditions, remaining highly profitable. Now that period of growth, with exceedingly available coverage and inviting terms, has stalled in the face of a hard market.