The majority of cyber insurance claims are the result of employee mistakes and technical problems, although external cyber attacks are responsible for the more expensive cyber losses. This is according to a new report by Allianz Global Corporate & Specialty (AGCS), which analysed more than 1,700 cyber claims worth $770m from 2015 to 2020.
“Losses from incidents such as distributed denial of service attacks or phishing and ransomware campaigns account for a significant majority of the value of cyber claims today,” said Allianz cyber centre of competence global head Catharina Richter.
She said, “But although cyber crime generates the headlines, everyday systems failures, IT outages and human error incidents can also cause problems for companies, even if their financial impact is not, on average as severe. Employers and employees must work together to raise awareness and increase cyber resilience.”
The number of cyber insurance claims AGCS has been notified of has steadily risen over the last few years, up from 77 in 2016, when cyber was a relatively new line of insurance, to 809 in 2019. In 2020, AGCS has already seen 770 claims in the first three quarters.
This steady increase in claims has been driven, in part, by the growth of the global cyber insurance market which is currently estimated to be worth $7bn according to Munich Re.
At the same time the report also highlights that there has been a 70% increase in the average cost of cyber crime to an organisation over five years to $13m, and a 60% increase in the average number of security breaches.
The cyber risk environment is not expected to become any easier in future, the report notes. Businesses and insurers are facing a number of challenges such as the prospect of more expensive business interruptions, the rising frequency of ransomware incidents, more costly consequences of larger data breaches given more robust regulation and litigation, as well as the impact from the playing out of political differences in cyber space through state-sponsored attacks.
The huge rise in remote working due to the coronavirus pandemic is also an issue. Malware and ransomware incidents are already reported to have increased by more than a third since the start of 2020, while coronavirus-themed online scams and phishing campaigns about the pandemic continue. At the same time the potential impact from human error or technical failure incidents may also be heightened.
But while exposures are rising, the COVID-19 outbreak cannot yet be said to be a direct cause of cyber-related claims. “AGCS has seen the first few cyber claims that can be indirectly attributed to the COVID-19 landscape, including ransomware attacks which can be linked to the shift to more remote working. However, it’s too early to confirm a broader trend,” said the report.
Prepare to prevent
Preparation and training of employees can significantly reduce the consequences of a cyber event, especially in phishing and business email compromise schemes, which can often involve human error, the report highlighted.
“It can also help mitigate ransomware attacks, although maintaining secure backups can limit damage. Cross-sector exchange and cooperation among companies – such as what has been established by the Charter of Trust – is also key when it comes to defying highly commercially-organised cyber crime, developing joint security standards and improving cyber resilience.” A