External attacks on companies result in the most expensive cyber insurance losses but it is employer mistakes and technical problems that are the most frequent cause of claims by number, according to a new report from Allianz Global Corporate & Specialty (AGCS).
AGCS study made available to Businesspost.com.ng focused on “Managing the Impact of Increasing Interconnectivity: Trends in Cyber Risk” screened 1,736 cyber-related insurance claims worth US$770m involving AGCS and other insurers from 2015 to 2020. AGCS analysis identified external events such as “DDoS” in the most costly cyber losses but internal incidents like human error or systems failure that were more consistent, with a lower financial impact though.
Catharina Richter, global head of the Allianz Cyber Centre of Competence, said: “Losses from incidents such as distributed denial of service (DDoS) attacks or phishing and ransomware campaigns accounts for a significant majority of the value of cyber claims today. But although cybercrime generate the headlines, everyday system failures, IT outages and human error companies, even if their financial impact is not, on the average as severe. Employers and employees must work together to raise awareness and increase cyber resilience.”
The number of cyber insurance claims AGCS has been notified of has steadily risen over the last few years, up from 77 in 2016 when cyber was relatively new line of insurance, to 770 claims in the first three quarters, an increase it says has been driven in part by the growth of the global cyber insurance market which is estimated to be worth US$7bn according to Munich Re.
AGCS flagged off cyber insurance in 2013 and, in 2019, generated more than Eur 100m in gross written premium. On cost to an organisation, it outlined that there has been a 70+ increase in the average cost of cyber crime to an organisation over five years to $13m and a 60%+ increase in the average number of security breaches.
According to the report, losses resulting from external incidents, such as DDoS attacks or phishing and malware or ransomware campaigns, account for the majority of the value of claims analysed (85%). Also analysed in the report were accidental internal incidents, such as employer errors while undertaking daily responsibilities, IT or platform outages, systems and software immigration problems or loss of data account for over half of cyber claims by number (54%) but, often, the financial impact of these is limited compared with cybercrime. Business interruption is the main cost driver behind cyber losses, accounting for around 60% of the value of all claims, followed by costs involved with dealing with data breaches.
The report also warns that the cyber risk environment is not expected to become any easier in future. Businesses and insurers are facing a number of challenges such as the prospect of more expensive business interruptions, the rising frequency of ransom incidents, more costly consequencies of larger data breaches given more robust regulation and litigation, as well as the impact from the playout of political differences in cyber space through state sponsored attacks.
It also spiked the rise in remote working due to the coronavirus pandemic as an issue. Displaced workforces create new opportunities for cyber criminals to gain access to networks and sensitive information. Malware and ransomware incidents are already reported to have increased by more than a third since the start of 2020, while coronavirus-themed online scams and phishing campaigns about the pandemic continue. Nonetheless, the potential impact from human error or technical failure incidents the report stated, might also be heightened.
AGCS report noted that while exposures are rising, the Covid-19 outbreak cannot yet be said to be a direct cause of cyber-related claims. Cautious not to label a trend, AGCS said it has seen the first few cyber claims that can be linked to the shift to more remote working. However, “it’s too early to confirm a broader trend.”