External attacks on companies has been said to result in the most expensive cyber insurance losses, but it is employee mistakes and technical problems that are the most frequent generator of claims, according to a new report from Allianz Global Corporate & Specialty (AGCS).
The study with the theme ‘Managing The Impact Of Increasing Interconnectivity – Trends In Cyber Risk’, analyzes 1,736 cyber-related insurance claims worth 660m euros, equal to $ 770m involving AGCS and other insurers from 2015 to 2020.
“Losses from incidents such as distributed denial of service (DDoS) attacks or phishing and ransom ware campaigns account for a significant majority of the value of cyber claims today,” says Catharina Richter, global head of the Allianz Cyber Center of Competence, which is embedded into AGCS.
“But although cyber crime generates the headlines, everyday systems failures, IT outages and human error incidents can also cause problems for companies, even if their financial impact is not, on average as severe. Employers and employees must work together to raise awareness and increase cyber resilience.”
The number of cyber insurance claims AGCS has been notified of has steadily risen over the last few years, up from 77 in 2016, when cyber was a relatively new line of insurance, to 809 in 2019.
In 2020, AGCS has already seen 770 claims in the first three quarters. This steady increase in claims has been driven, in part, by the growth of the global cyber insurance market which is currently estimated to be worth $7bn according to Munich Re.
AGCS started offering cyber insurance in 2013 and, in 2019, generated more than 100m euros in gross written premium in this segment. At the same time the report also highlights that there has been a 70 percent increase in the average cost of cyber crime to an organization over five years to $13m and a 60 percent increase in the average number of security breaches.
Losses resulting from external incidents, such as DDoS attacks or phishing and malware/ransomware campaigns, account for the majority of the value of claims analyzed (85 percent) according to the report, followed by malicious internal actions (9 percent) – which are infrequent but can be costly.
Accidental internal incidents, such as employee errors while undertaking daily responsibilities, IT or platform outages, systems and software migration problems or loss of data account for over half of cyber claims analyzed by number (54 percent) but, often, the financial impact of these is limited compared with cyber crime. However, losses can quickly escalate in the case of more serious incidents.
Business interruption is the main cost driver behind cyber losses, accounting for around 60 percent of the value of all claims analyzed in the report, followed by costs involved with dealing with data breaches.
The cyber risk environment is not expected to become any easier in future, the report notes. Businesses and insurers are facing a number of challenges such as the prospect of more expensive business interruptions, the rising frequency of ransomware incidents, more costly consequences of larger data breaches given more robust regulation and litigation, as well as the impact from the playing out of political differences in cyber space through state-sponsored attacks. The impact of these trends is also the subject of a new AGCS podcast.
