Russia’s invasion of Ukraine in February 2022 was quickly followed by a sharp decrease in organised ransomware attacks worldwide, a leading expert revealed at the second annual Bermuda Risk Summit.

Yosha DeLong is the global head of cyber for Bermudian-headquartered Mosaic Insurance, a direct writer of cyber coverage.

Ms DeLong, who is based in Chicago, said: “A lot of these ransomware gangs, and especially some of the ones that were really prevalent in 2019 and 2020, were made up of groups that were both Ukrainian and Russian.

“They have been very tied together in the past, and when this war started, a couple of things happened.

“There was a fracturing of the gangs because there were political disagreements, so we saw two or three major ones that fractured as a result of that.

“The other thing was the recruiting for the military — specifically by Russia. Ukraine was a little bit more voluntary.

“But mandatory recruiting in the military, which shook a lot of these people off the hacking line into actually putting guns in their hands.

“What we saw immediately after this was actually a sharp downtick in organised ransomware events.”

Ms DeLong sat on Monday’s Exploring the Future of Cyber Reinsurance panel, moderated by Kerr Kennedy, an associate partner at EY Bermuda.

She was joined on the panel by George Alayon, deputy director of insurance supervision at the Bermuda Monetary Authority, Edouard Von Heberstein, founder and CEO, Spectra Ltd, and Sebastien Plummer, cyber specialist broker, Gallagher Re.

Aside from ransomware attacks, cyber risks include hacking and the stealing of information — as well as non-cyber privacy events.

Ms DeLong said: “A great example of that is somebody accidentally disclosing a patient list from a doctor’s office. That would trigger a cyber policy, to respond and comply with whatever regulatory environment they were in in that space.

“But nobody bad actually got a hold of that, there was no malicious act that happened, but that still can affect cyber.”

She added: “So we really have this very complex environment where you have very targeted ransomware events that are going after very specific targets, either because they know they have deep pockets or they know that the business interruption is too great of a risk for them to take a chance and not pay.

“You have the ones where they are going after information, which could be an espionage type of situation. China is very good at that. They go after specific information about specific people.

“There’s the ones that are still stealing credit card information, or social security numbers in the US, and then there’s the just accidental disclosure or non-event privacy disclosure.”

As one of the fastest-growing areas of risk, cyber will require additional reinsurance capacity in future, Ms DeLong said.

“There’s enough reinsurance capacity for what exists right now, but as we grow, as we see this increased inter-connectivity of the world, as we see what cyber events expand and change, that’s where we are starting to see the capacity constraints.”

Bermuda has around half of the approximately $5 billion global cyber reinsurance market, Mr Kennedy said.

Ms DeLong said Bermuda is being looked to for the provision of new and innovative solutions to that capacity crunch — but also for thinking about what products look like, and how they are going to be rolled out.

She added: “Bermuda plays a really important role in that in terms of reinsurance capacity.”

The three-day conference, presented by the Bermuda Business Development Agency, wraps up tomorrow at the Hamilton Princess & Beach Club.