Category Archives: Cyber Risk

Senate Panel Meets
On COVID-19 Fraud

The Senate Judiciary Committee last week held a  hearing  titled “COVID-19 Fraud: Law Enforcement’s Response to Those Exploiting the Pandemic.”   

The hearing included testimony by William Hughes, associate deputy attorney general, U.S. Department of Justice; Craig Carpenito, U.S. attorney, District of New Jersey; Calvin Shivers, assistant director, Criminal Investigative Division, Federal Bureau of Investigation; and Michael D’Ambrosio, assistant director, U.S. Secret Service, Department of Homeland Security. 

Testimony focused on the response to fraud that has resulted from the COVID-19 pandemic. Examples included sale of fraudulent personal protective equipment (PPE) and cyber-enabled fraud; price gouging and hoarding; and fraud relating to the CARES Act’s Paycheck Protection Program (PPP). 

As demand for PPE has been greater than the supply, the environment created has been “ripe for exploitation,” Shivers said.  

In addition to sales of counterfeit PPE, he cited “advance fee” schemes – in which a victim prepays for goods like ventilators, masks, or sanitizer that are never received – and business email compromise (BEC) schemes, which involve spoofing an email address or using one that’s nearly identical to one  trusted by the victim to instruct them to direct funds to bank accounts controlled by the fraudsters. 

Shivers said the FBI is working to educate “the health care industry, financial institutions, other private sector partners, and the American public of an increased potential for fraudulent activity dealing with the purchase of COVID-19-related medical equipment.”  

He added that millions of units of PPE have been recovered from price-gouging and hoarding operations and the FBI is working to determine next steps for how to redistribute or sell the PPE. 

D’Ambrosio said that although “criminals throughout history have exploited emergencies for illicit gain, the fraud associated with the current COVID-19 pandemic presents a scale and scope of risks we have not seen before.” 

He described four categories of threat: 

  1. COVID-19-related scams, including the sale of fraudulent medical equipment and nondelivery scams;  
  1. Cybercrime like BECs, exploiting increased telework; 
  1. Ransomware and other activities that could disrupt pandemic response; and 
  1. Defrauding government and financial institutions associated with response and recovery efforts. 

Thus far, the Secret Service has initiated over 100 criminal investigations, prevented approximately $1 billion in fraud losses, and disrupted hundreds of online COVID-19-related scams, D’Ambrosio said. 

CORONAVIRUS WRAP-UP: PROPERTY AND CASUALTY (4/21/2020)

Automobile Insurance
Acting on ‘Thin’ Data, Auto Insurers Retain Flexibility With Premium Credits
Speeders Take Over Empty Roads — With Fatal Consequences
Business Interruption
Triple-I Economists: Enforced COVID-19 Business Interruption Payouts Would Damage Industry
Fight Over Pandemic Insurance Intensifies
Restaurants vs. Insurers Shapes Up as Main Event In D.C. Lobbying Fight
Cyber Risk
Hacking Against Corporations Surges as Workers Take Computers Home
Directors & Officers
D&O Insurance May Help Non-Public Companies With COVID-19 Claims
Financial Impact
Despite Recent Market Rally, Pandemic Will Continue to Hit Insurers’ Investments
COVID-19 to deter M&A activity in 2020: Conning
Kidnap & Ransom
Pandemic Exposes Organizations to Kidnap for Ransom Risk
Litigation
U.S. Businesses Bring Wave of Class Action Lawsuits Against Insurance Companies for Denial of Business Interruption Claims in Wake of COVID-19Pandemic
Hiscox Faces Legal Action From Chef Raymond Blanc: Reports
Ending Virus Shutdowns Too Soon Poses Legal Risk for Businesses
Reinsurance and Insurance-Linked Securities
Lack of Exclusions, Poor Wordings the COVID-19 BI Threats to Reinsurers & ILS
Workers Compensation
Utah Passes Bill to Provide First Responders With Comp for COVID
Comp Premiums Likely to Dip as Employment Declines: NCCI

From The Triple-I Blog:
MIXED REACTIONS TO WORKERS COMP COVID-19 EXPANSIONS

CORONAVIRUS WRAP-UP: PROPERTY AND CASUALTY (4/17/2020)

Auto Insurance
Stay-at-home Pandemic Orders Reduce Auto Claims Almost by Half
As Coronavirus Empties Streets, Speeders Hit the Gas
Business Interruption
UK Watchdog Orders Insurers to Pay Small Business Claims Quickly
Cannabis Insurance
Pandemic Could Shrink Cannabis Insurers’ Premiums, Market
Cyber Insurance
Preventing Losses Due to Growing Cyber Crime During Coronavirus Crisis
As Attacks Rise, Paladin Offers Cybersecurity Platform Free to Insurance Agencies
Disaster Preparedness
‘Uncharted Territory’ as Wildfire Fighting Adapts to Pandemic
Insurance-Linked Securities
Artemis Live: Interview with Tom Johansmeyer, Head of PCS
Litigation
Nashville Bar Sues Insurer Over COVID-19 Loss Claim. Experts Say It Won’t Be the Last
Businesses Warn Fear of Liability Lawsuits Could Stall Rebooting of Economy
P/C Industry Impact
Suddenly There is Big Demand for Pandemic Cover, Says Underwriter
Chubb CEO: Forcing Insurers to Pay Pandemic Loss Claims is ‘Plainly Unconstitutional’
Allianz CEO: Pandemic Hit “Like a Metororite”
From Hacker Attacks to Shareholder Lawsuits, Insurance Industry Braces for COVID-19 Fallout
Public Health and Safety
What FDA Says About Food Safety Amid COVID-19
Travel Insurance
Travelers Consider Their Risk Tolerance
HOLIDAY HELL How to Get a Refund on Your Holiday if it’s Cancelled and How Long Should it Take to Get Cash Back
Workers Compensation
Workers Compensation in Wake of COVID-19

From the Triple-I Blog:
INSURERS RESPOND TO COVID-19 (4/17/2020)
TRIPLE-I BRIEFING: SURPLUS IS KEY TO INSURERS KEEPING POLICYHOLDER PROMISES
PUTTING CAR INSURANCE PRICES INTO PERSPECTIVE

CORONAVIRUS WRAP-UP: PROPERTY AND CASUALTY (4/16/2020)

Legislation and regulation
Democrats Plan Legislation to Force Insurance Companies to Pay Out for Pandemic Losses
Thompson Introduces the Business Interruption Insurance Coverage Act
Lawmakers Advocate Stimulus Aid to Insurers on Business Interruption
SC Proposes Bill Over Coronavirus-related Business Interruption Claims
NJ offers grace period for insurance premium expenses
Coronavirus Regulations: A State-By-State Week In Review
Litigation
COVID-19, business interruption and bad faith litigation
P/C Industry Impact
No Evidence COVID-19 Industry Loss Will Match Large Catastrophe Years: Flandro
How Insurance Claims Pros Are Adjusting to Pandemic Complications
COVID-19 Response ‘Could Bankrupt the Insurance Industry’: Insurance Defense Lawyer
Coronavirus response: Short- and long-term actions for P&C insurers
Auto Insurance
Analysts: Auto Insurance Coronavirus Rebates a Solid Move in Short Term
Will Fewer Drivers on the Road Mean Lower Auto Losses? It Depends
Auto Insurers Offer Rebates as Traffic Abates During Pandemic
Business Interruption
Neglecting Idle Facilities Amid COVID-19 Will Cost Companies, Warns FM Global
Cyber
Working From Home? Don’t Let Cyber Criminals Break In
Hospital Hackers Seize Upon Coronavirus Pandemic
Workers Compensation
COVID-19 Comp Expansions Could Have Significant Impact on Industry

CORONAVIRUS WRAP-UP: PROPERTY AND CASUALTY (4/13/2020)

Auto Insurance
Car Insurance Refunds Become Standard Issue
State Farm Rolls Out $2 Billion Consumer Financial Relief Program
The Landscape Has Changed Dramatically’: Donelon Calls for Lower Car Insurance Rates
Business Interruption Insurance
COVID-19, Business Interruption Coverage, and the ‘Physical Loss or Damage’ Requirement
S.C. Bill Would up Pressure on Insurers to Cover Business Interruption
Insurers Can’t Cover Everything
With Hollywood on Hiatus, Studios Bracing for Fights With Insurers Over Coronavirus Losses
Proposed Backstop Would Cover Pandemic Business Interruption
Claims
Best’s Insurance Law Podcast Discusses Impact of COVID-19 on Claims
Coronavirus comp claims present challenges: Experts
Cyber
State-Backed Hackers Taking Advantage of Outbreak: Officials
The Line Between Biological and Cyber Threats Has Never Been So Thin
Hackathons Target Coronavirus
Impacts by Industry
Shifts in Manufacturing Create New Exposures: Experts
6 Critical COVID-19 Risks Facing the Health Care Industry
Tracking U.S. Small and Medium Business Sentiment During COVID-19
Pharmacy Workers Are Coming Down With COVID-19. But They Can’t Afford to Stop Working
6 Critical COVID-19 Risks for the Construction Industry

COVID-19 Meets Cyberrisk

As COVID-19 spreads, we’ve been hearing more about the importance of hygiene and maintaining “social distance.”

Last night I found out the cyberrisk conference I was scheduled to attend this morning had been changed to a “virtual” meeting. With so many events being canceled or postponed out of an abundance of caution over the spreading COVID-19 virus, it was nice to know the show would go on safely.

I’d already been working from home (thank you, Triple-I!) to avoid exposure during my train commute and potentially becoming a “vector” to family, friends, and co-workers. As I waited for the event to begin, I scrolled through my news feed and spotted several stories about risks related to increased remote work.

Cyberrisk featured prominently in these articles. Unprotected devices, they warned, can lead to data losses, privacy breaches, and ransomware attacks.

One article alluded to campaigns designed specifically to tap into concerns around COVID-19.

“We are already seeing targeted phishing campaigns globally,” said New Zealand Health IT chief executive Scott Arrol. “The cyber virus taking advantage of the biological virus.”

Arrol said hackers seeking to exploit fears of Covid-19 are sending fake ads or links with online viruses.

The message “might look like it has come from the World Health Organization, inviting you to register for more information,” he said. “You click on that link, you’ll be taken to fill out a form and then suddenly…you’re giving away personal information you shouldn’t.”

Technology can help us maintain social distance, but the devices we rely on need to be managed and protected, lest they make us even more vulnerable.

Insurance broker Aon has issued an advisory cautioning employers to take steps to ensure that work-from-home employees can connect to secure remote networks, a Claims Journal article says.

“Any time you’re taking about employees who are not used to working from home, who may not have the correct cybersecurity posture, a virtual private network (VPN) is critically important and having two-factor authentication is critically important,” Aon Senior Vice President Stephanie Snyder said.

A VPN connects remote users or regional offices to a company’s private internal network. Two-factor authentication adds a layer of security beyond a password to make sure a user is authorized to access the system.

Snyder added that telecommuters may be tempted to work from their laptops at a coffee shop – potentially exposing their computers to intrusion. She said employers need to have strict security protocols in place to avoid such exposures.

So, I wasn’t surprised when one of the first speakers at the event I was “attending” mentioned viral epidemics like COVID-19 as something underwriters just a few years ago would not have considered a factor in assessing cyber risk but now should.

As I’ve written before, increasingly interconnected risks require a holistic approach to risk management – one that takes into account preparation, mitigation, and built-in resilience. As COVID-19 has spread beyond its origins in Asia, we’ve been hearing more about the importance of hygiene and of maintaining “social distance.”

Technology can help us maintain social distance, but the devices we rely on need to be managed and protected, lest they make us even more vulnerable.

Consumers lack understanding of personal cyber insurance: I.I.I./J.D. Power Survey

Getty Images

By Mary-Anne Firneno, Research Manager, Insurance Information Institute

Americans have embraced the Internet of Things. As consumers own more internet-connected devices and buy more products online and businesses use more electronic data and online storage, cyberattacks continue to occur.

Despite reports of ever-larger data breaches, awareness of the protection available to consumers through insurance has shrunk over the past year, according to a survey from the Triple-I and J.D Power.

The 2020 Consumer Cyber Insurance and Security Spotlight Survey℠: Consumer indifference is still a challenge for personal cyber insurers, found that only about one in 10 American consumers who have connected devices in their homes or vehicles say they have insurance to help them recover from a cyberattack. And close to half do not know whether they have this protection. Fewer connected device owners say they have cyberrisk insurance than when the Triple-I and J.D. Power polled them in 2018.

Yet consumers are interested in cyberrisk insurance. More than half of connected-device owners (56 percent) said they believed homeowners or auto policies should offer cybersecurity coverage.

So why don’t more consumers buy cyberrisk insurance? The 2020 Consumer Cyber Survey found that three-quarters of connected consumers are reluctant to pay more for cyberrisk coverage – despite the fact that cyber coverage is relatively inexpensive: about $10 from a package policy and about $40 for a separate one.

Persistent attitudes that cyber coverage is a not a product consumers are willing to purchase is an opportunity for insurance professionals to explain the value of personal cyber coverage.

Individuals Should Not Rely on Insurance to Protect Their Cryptocurrency Holdings

By Michael Menapace, Esq. 

Michael Menapace

Many individuals and businesses hold some amount of cryptocurrency.  According to a recent survey, nearly 10 percent of Americans have invested in cryptocurrency since the first Bitcoin was “mined” in 2009.  And, along with the rise in prevalence of virtual currencies in recent years has come a surge in cryptocurrency theft, with one Ponzi scheme defrauding cryptocurrency investors out of $2.9 billion dollars in 2019.  Those who invest in, use, and hold cryptocurrency should protect their assets.  While individuals can purchase insurance to protect themselves if certain types of assets are destroyed or stolen, such as a house, car, or personal property, individuals may have difficulty obtaining coverage for their cryptocurrency.

Bitcoin is just one cryptocurrency built on the technology called the blockchain.  Other virtual currencies include Ethereum, Ripple, Litecoin, Monero, and ZCash.

Homeowner’s insurance protects an insured against the loss of certain property.  For example, if a thief breaks into your home and steals your television, that loss will likely be a covered loss of property under a standard homeowner’s policy.  For an overview of what homeowners insurance typically covers, see here.

Is theft of cryptocurrency covered under homeowners insurance?

Getty Images

But, is an owner of cryptocurrency insured if a thief hacks their computer and steals virtual currency?  Part of the answer relates to the question – what is cryptocurrency?  Are these virtual currencies a security, money, property, a commodity, or something else? As discussed below, it seems unlikely, and inappropriate, for the loss of cryptocurrency to be a covered loss under a homeowners policy.

The Securities and Exchange Commission takes the position that cryptocurrency is, or at least can be, a “security” and cautions that “issuers [of virtual currencies] cannot avoid the federal securities laws just by labeling their product a cryptocurrency or a digital token.”  On the other hand, the IRS has issued Notice 2014-21, identifying cryptocurrency as “property” for federal income tax purposes. Still a third possibility is that cryptocurrency, which can be used to purchase goods and services, is properly classified as money.

As the above demonstrates, the same word, or virtual product, can have different meanings depending on the context.  Here, we are considering how cryptocurrency is interpreted under an insurance policy.  There does not seem to be any reason why cryptocurrency must be treated as the same thing by the SEC, IRS and insurers.  Therefore, the pronouncements of the SEC or IRS should be only of limited assistance.

A common homeowners insurance policy states that the insurer will cover the loss of the insured’s dwelling, other structures, and personal property.  Crytocurrency is clearly not a dwelling or structure, so the question is whether cryptocurrency is “property” in the general sense because homeowners policies often protect against the loss of property.  Beyond the IRS guidance discussed above, there is authority for the position that cryptocurrency is property.  For example, an Ohio state trial court held that cryptocurrency was property covered by a homeowners policy.  That ruling is discussed further below.

Not all homeowners policies are the same

Even if cryptocurrency is property in a general way, however, the insurance analysis does not end there because not all property is treated equally under a homeowners policy.  For example, coverage for the loss of personal property often has a $200 sublimit for “money, bank notes, bullion, gold and [other precious metals], coins, medals, scrip, stored value cards and smart cards.”  Likewise, a homeowners policy may have a sublimit of $1,500 for “securities, accounts, deeds, letters, of credit, notes other than bank notes, . . . tickets and stamps.”  When considering these common sublimits, is it more appropriate to apply the $200 limit for money or the $1,500 limit for those items akin to securities?  At least for some cryptocurrencies, like Bitcoin, an analogy to money seems more appropriate because Bitcoin is specifically designed to be an alternative to traditional currency.  Considering an individual’s ownership of Bitcoin a security does not seem to make sense.  After all, when one thinks of a person owning a security, such as a share of stock in Acme Corp, the comparisons with Bitcoin are thin.

Beyond the issue of whether cryptocurrency is insured generic property, money, or a security, there is another fundamental issue to consider under a homeowners policy.  The insuring agreement in many homeowners policies states that personal property is insured for “direct physical loss to the property described” such loss from vandalism or theft.  Because cryptocurrency is a virtual currency, there is nothing to physically lose or destroy.  What is lost or destroyed is the record of ownership or the “key” to demonstrate ownership of the currency.  Cash can be burden by fire – not so for a currency that never exists physically.  A policyholder would have a difficult time explaining how the plain meaning of “direct physical loss” is met when the virtual currency is stolen.

A couple cautionary notes are required for this discussion.  First, not all homeowners policies are the same.  The terms and conditions of each policy will control; therefore, a generalized discussion about homeowners policies is just that – general.  For example, some policies treat money and securities the same, which could change or eliminate the need for the above analysis.

Is cryptocurrency considered property?

Second, individuals should not take too much comfort in the one reported decision on cryptocurrency as property under a homeowners policy.  In the Kimmelman v. Wayne Insurance Group decision from an Ohio trial court, the court ruled that cryptocurrency was generic property, not money, and the policy’s $200 sublimit did not apply.  Whether this decision is persuasive in other courts remains to be seen, but there are reasons why it should not.  The Ohio court did not provide a fulsome analysis of the issues, which limits its usefulness.  For example, there is no discussion on whether the policy’s submits for electronic funds or securities should apply.  In addition, the policy language is at issue in that it was drafted in 1999, years before cryptocurrencies were invented.  Newer policy language may not be the same.  Finally, the court relied heavily on the IRS guidance mentioned above, which states that cryptocurrencies are treated as property.  But that IRS guidance also states that cryptocurrency is treated as property “for income tax purposes.”  While IRS guidance on tax issues is persuasive, that guidance should have no impact on how insurance contracts should be interpreted.

The court was also persuaded that Bitcoin was general property, not money, because it could be exchanged for money, i.e. it is a convertible virtual currency.  But that rationale doesn’t explain that various forms of currency are converted to other kinds of currency all the time, e.g. Euros are converted into dollars.  Indeed, Bitcoin was originally conceived as a currency “akin to cash” by Satoshi Nakkamoto in his whitepaper Bitcoin: A Peer-to-Peer Electronic Cash System.  And outlets such as the Wall Street Journal report Bitcoin value under “Currencies” with the Euro, U.S. Dollar, the Japanese Yen, etc., not under Stocks, Bonds or Commodities.  No one would argue that the Yen is not money but is property that can be converted into U.S. Dollars.

It also bears a mention that the focus on Bitcoin, even if the Ohio decision were correct, does not necessarily apply to other cryptocurrency platforms that have different purposes from Bitcoin.  For example, Ethereum was created for a different purpose from Bitcoin.  Ethereum, while it has a value associated with its coins/tokens, its original and fundamental purpose included providing a platform where one can build out new applications rather than simply being a substitute for traditional currency.  (For an explanation of the different types of cryptocurrencies, see this tutorial (last updated Jan. 2020)).  In all, I believe that Kimmelman was wrongly decided or, at least, of limited persuasive value that other courts should not find persuasive.

What Can Individuals Do?

The bottom line is that individuals should not rely on their homeowners policies to protect them from the loss of cryptocurrencies.  Commercial entities, in contrast, can buy crime policies or cyber insurance policies, which are largely unavailable to private individuals.  What can individuals do?  They must take proactive steps to protect themselves rather than relying on someone compensate them if their assets are lost or stolen.

For example, if an individual is using “hot” storage for their Bitcoin, i.e. having the virtual currency accessible online, the currency is vulnerable to theft by hacking or ransomware attack. The owner might consider, therefore, having a commercial third party hold the virtual token or coin in its digital wallet for the individual.  That commercial entity can be insured under a crime or cyber policy.  If the individual is using “cold” storage, e.g. storing the currency offline on a flash drive, the cold storage is vulnerable to physical destruction or old-fashioned theft.  In that case, the individual should secure the flash drive from theft and physical description by keeping it in a fire-proof safe.  Frankly, these are precautions that individuals should be taking even if the risk of loss were covered by a homeowners policy.  But, until coverage for cybercurrency for individuals is widely available under a homeowners policy, owners would be wise to take steps to protect their digital assets from bad actors and physical accidents.

Michael Menapace is a Non-Resident Scholar of the Insurance Information Institute, a partner at Wiggin and Dana LLP, and a professor of Insurance Law at the Quinnipiac University School of Law.

Emerging cyber terrorism threats and the Federal Terrorism Risk Insurance Act

Cyber is a relatively new, evolving risk. Insurers manage their exposures, in part, by setting coverage limits and excluding events they don’t want to insure.

On December 20, 2019, President Trump signed a federal funding package that includes a seven-year extension of the Terrorism Risk Insurance Act (TRIA). TRIA provides for a federal loss-sharing program for certain insured losses resulting from a certified act of terrorism.

Passage of the act was met with resounding approval by the insurance industry. You can read more about it here.

A critical mandate of the TRIA extension is for the Government Accountability Office (GAO) to make recommendations to Congress about how to amend the statute to address emerging cyberthreats. Triple-I recently hosted an exclusive members-only webinar featuring Jason Schupp of the Centers for Better Insurance, who discussed issues likely to be addressed by the GAO report.

Schupp said the report will likely serve as a starting point for a discussion about cyber threats and how the insurance industry can better meet the needs of businesses, nonprofits and local governments for cyber insurance. It will address:

  • Vulnerabilities and potential costs of cyber-attacks to the United States;
  • Whether adequate coverage is available for cyber terrorism;
  • Whether cyber terrorism coverage can be adequately priced by the private market;
  • Whether TRIA’s current structure is appropriate for cyber terrorism events; and
  • Recommendations on how Congress could amend TRIA to meet the next generation of cyber threats.

Cyber terrorism is already covered under TRIA, but such acts don’t fit neatly into the TRIA framework. Because cyber limits and conditions are already narrow, TRIA’s current make available requirement has not been effective in providing coverage for cyber-terrorism events at the same limits and conditions as non-cyber events.

Schupp proposes that the requirement be amended so the coverage doesn’t exclude insured losses specific to the loss of use, corruption or destruction of electronic data or the unauthorized disclosure of or access to nonpublic information.

But expanding the requirement carries considerable risk. If insurers are required to make more coverage available for cyber events than they are comfortable with the result could be a pullback in property and liability insurance generally – not just for cyber events. Any expansion must be balanced with the terms of the backstop.

Schupp concluded that the GAO’s investigation and report (which is required to be completed by June 2020) is likely to kick off a multi-year debate that could substantially redefine U.S. cyber insurance markets. Insurers, policyholders and other stakeholders should engage accordingly.

To learn about how to become a member of Triple-I visit iiimembership.org.

Ransomware payments doubled in fourth quarter 2019

The average ransomware payment increased by a whopping 104 percent in the fourth quarter of 2019, spiking to $84,116 from $41,198 in Q3, according to a report from Coveware, a security vendor.

Ransomware, also known as cyber extortion, involves the use of malicious software designed to block access to a computer system until a sum of money is paid. The 4Q increase reflects the diversity of the cyber criminals attacking companies.

Some ransomware variants are focusing on large companies where they can attempt to extort the organizations for seven-figure payouts. Small businesses, on the other hand, are bombarded with ransomware variants with demands as low as $1,500.

The total cost of a ransomware attack depends on its severity and duration and includes the costs of the ransom payment (if one is made), as well as remediation costs, lost revenue, and potential brand damage.

In Q4, ransomware actors also began exfiltrating data from victims and threatening to release it. In addition to remediation and containment costs, this complication adds to the potential costs of third-party claims.

Other key takeaways from the report include:

  • 98 percent of companies that paid the ransom received a working decryption tool in Q4 2019, unchanged from Q3.
  • Victims who paid for a decryptor successfully decrypted 97 percent of their data, a slight increase from Q3.
  • Average downtime increased to 16.2 days, from 12.1 days in Q3 of 2019. The was driven by a higher prevalence of attacks against larger enterprises, which often spend weeks fixing their systems.
  • Cyber criminals demand Bitcoin almost exclusively now in all forms of cyber extortion because it’s easier to swap extortion proceeds into a privacy coin after they collect, than to require a victim to purchase a less liquid type of digital currency.
  • Less sophisticated and well-financed attackers will target small companies with small IT budgets.
  • Public sector organizations continued to account for a high percentage of ransomware attacks in Q4. The attacks are expected to continue until these organizations are able to increase their security budgets.