Business interruption driving most severe cyber losses: AGCS

Business interruption is the main cost driver behind cyber losses, accounting for almost 60 percent of the value of all claims analysed in a new report by Allianz Global Corporate & Specialty (AGCS).

"Business interruption can bring the most severe losses – with downtimes becoming longer – while systems and data restoration costs can quickly escalate,” said Marek Stanislawski, global cyber underwriting lead at AGCS.

AGCS report, titled Managing the impact of increasing interconnectivity – trends in cyber risk, analysed cyber-related insurance claims worth €660 million from 2015 to 2020.

AGCS research found that businesses and insurers are facing a number of challenges such as the prospect of more expensive business interruptions, the rising frequency of ransomware incidents, more costly consequences of larger data breaches given more robust regulation and litigation, as well as the impact from the playing out of political differences in cyber space through state-sponsored attacks.

The report said that the volume of cyber insurance claims has gone up from 77 in 2016 to 770 in the first three quarters of 2020.

This steady rise in claims has been driven, in part, by the growth of the global cyber insurance market which is currently estimated to be worth $7 billion, according to Munich Re.

The cyber risk environment is not expected to become any easier in future, warned Allianz.

Joerg Ahrens, global head of long-tail claims at AGCS, noted: “Whether due to ransomware, human error or a technical fault, the loss of critical systems or data can bring an organisation to its knees in today’s digitalized economy.”

The report also highlighted that there has been over a 70 percent increase in the average cost of cyber crime to an organisation over five years to $13 million and a 60+ percent increase in the average number of security breaches.

Ransomware incidents have become more damaging, increasingly targeting large companies with sophisticated attacks and hefty extortion demands, said report. There were nearly half a million ransomware incidents reported globally last year, costing organisations at least $6.3 billion in ransom demands alone. Total costs associated with dealing with these incidents are estimated to be well in excess of $100 billion.

"Losses from incidents such as distributed denial of service (DDoS) attacks or phishing and ransomware campaigns account for a significant majority of the value of cyber claims today,” said Catharina Richter, global head of the Allianz Cyber Center of Competence.

AGCS also cited rise in remote working as an issue, but argued that the COVID-19 outbreak cannot yet be said to be a direct cause of cyber-related claims.

The insurer said that human error and technical problems are the most frequent generator of claims by number, and that employers and employees need to work together to raise awareness and increase cyber resilience.