Cyber insurance claims on the rise
External attacks on companies result in the most expensive cyber insurance losses, but it is employee mistakes and technical problems that are the most frequent generator of claims by number, according to a report from Allianz Global Corporate & Specialty (AGCS).
The study analyzes 1,736 cyber-related insurance claims worth EUR 660mn (US$ 770mn) involving AGCS and other insurers from 2015 to 2020.
“Losses from incidents such as distributed denial of service (DDoS) attacks or phishing and ransomware campaigns account for a significant majority of the value of cyber claims today,” says Catharina Richter, Global Head of the Allianz Cyber Center of Competence, a part of AGCS.
“But although cyber crime generates the headlines, everyday systems failures, IT outages and human error incidents can also cause problems for companies, even if their financial impact is not, on average as severe. Employers and employees must work together to raise awareness and increase cyber resilience.”
Growth of the global cyber insurance market fueling cyber insurance claims
The number of cyber insurance claims has steadily risen over the last few years, up from 77 in 2016, when cyber was a relatively new line of insurance, to 809 in 2019. In 2020, there were already 770 claims in the first three quarters. This steady increase in claims has been driven, in part, by the growth of the global cyber insurance market which is currently estimated to be worth $7bn according to Munich Re.
The report also highlights that there has been a 70%+ increase in the average cost of a cybercrime to an organization over five years to $13mn and a 60%+ increase in the average number of security breaches.
Losses resulting from external incidents, such as DDoS attacks or phishing and malware/ransomware campaigns, account for 85% of the value of claims analyzed according to the report, followed by malicious internal actions (9%) – which are infrequent but can be costly.
Accidental internal incidents, such as employee errors while undertaking daily responsibilities, IT or platform outages, systems and software migration problems or loss of data account for 54% of cyber claims analyzed by number but, often, the financial impact of these is limited compared with cyber crime. However, losses can quickly escalate in the case of more serious incidents.
Business interruption, the main cost driver behind cyber losses
Business interruption is the main cost driver behind cyber losses, accounting for around 60% of the value of all claims analyzed, followed by costs involved with dealing with data breaches.
Businesses and insurers are facing a number of challenges such as the prospect of more expensive business interruptions, the rising frequency of ransomware incidents, more costly consequences of larger data breaches given more robust regulation and litigation, as well as the impact from the playing out of political differences in cyber space through state-sponsored attacks.
The huge rise in remote working due to the coronavirus pandemic is also an issue. Displaced workforces create new opportunities for cyber criminals to gain access to networks and sensitive information.
Malware and ransomware incidents are already reported to have increased by more than a third since the start of 2020, while coronavirus-themed online scams and phishing campaigns about the pandemic continue. At the same time the potential impact from human error or technical failure incidents may also be heightened.
Ransomware threats surge
Already high in frequency, ransomware incidents are becoming more damaging, increasingly targeting large companies with sophisticated attacks and hefty extortion demands.
There were nearly half a million ransomware incidents reported globally last year, costing organizations at least $6.3bn in ransom demands alone. Total costs associated with dealing with these incidents are estimated to be well in excess of $100bn.
“High-end hacking tools are more widely available driven by the growing ‘commercialization of cyber-hacks’. Increasingly, criminals are selling malware to other attackers who then target businesses demanding ransom payments,” says Marek Stanislawski, Global Cyber Underwriting Lead at AGCS.
“However, extortion demands are just one part of the picture. Business interruption can bring the most severe losses – with downtimes becoming longer – while systems and data restoration costs can quickly escalate.”
Business interruption and digital supply chain vulnerability growing
“Whether due to ransomware, human error or a technical fault, the loss of critical systems or data can bring an organization to its knees in today’s digitalized economy,” says Joerg Ahrens, Global Head of Long-Tail Claims at AGCS.
“The inability to access data for an extended period of time can have a significant impact on revenues – for example, if a company is unable to take orders. Similarly, if an online platform is unavailable due to a technical glitch or cyber event, it could bring large losses for companies that rely on it, particularly given today’s increasing reliance on online sales or digital supply chains.”
Data breaches and state-sponsored attacks
The cost of dealing with a large data breach is rising as IT systems and cyber events become more complex, and with the growth in cloud and third-party services. Data privacy regulation, which has recently been tightened in many countries, is also a key factor driving cost, as is growing third-party liability and the prospect of class action litigation.
So-called mega data breaches (involving more than one million records) are more frequent and expensive, now costing $50mn on average, up 20% over 2019.
In addition, the impact of the increasing involvement of nation states in cyber-attacks is a growing concern. Major events like elections and COVID-19 present significant opportunities.
During 2020 Google said it has had to block over 11,000 government-sponsored potential cyber-attacks per quarter. Recent years have seen critical infrastructure, such as ports and terminals and oil and gas installations hit by cyber-attacks and ransomware campaigns.