Can’t evade cyber threat in ‘deep fake’ era: ransomware damages to hit $30bn

Ransomware is forecast to cause $30 billion in damages to organisations globally by 2023, with the prospect of a hybrid cyber war as wider geopolitical tensions escalate, analysts at  Allianz Global Corporate & Specialty (AGCS) have warned.

The insurer’s annual review of the cyber risk landscape found that ransomware is a “top cyber risk” for organisations globally as business email compromise incidents are on the rise and likely to increase further in the ‘deep fake’ era.

At the same time, the war in Ukraine and wider geopolitical tensions are a major concern as hostilities could spill over into cyber space and cause targeted attacks against companies, infrastructure or supply chains.

According to its new report, there were a record 623 million attacks in 2021, double that of 2020. Although frequency reduced by 23% globally during the first half of 2022, the year-to-date total still exceeds that of the full years of 2017, 2018 and 2019, while Europe saw attacks surge over this period.

From an AGCS perspective, the value of ransomware claims the company was involved in together with other insurers, accounted for well over 50% of all cyber claims costs during 2020 and 2021.

The review also highlights the emerging threats posed by the growing reliance on cloud services, an evolving third-party liability landscape that means higher compensation and penalties, as well as the impact of a shortage of cyber security professionals.

Such potential vulnerabilities mean that today a company’s cyber security resilience is scrutinised by more parties than ever before, including global investors, meaning many firms now rank it as their major environmental, social, and governance (ESG) risk concern, the report noted.

“The cyber risk landscape doesn’t allow for any resting on laurels. Ransomware and phishing scams are as active as ever and on top of that there is the prospect of a hybrid cyber war,” said Scott Sayce, global head of cyber at AGCS and group head of the cyber centre of competence.

“Most companies will not be able to evade a cyber threat. However, it is clear that organizations with good cyber maturity are better equipped to deal with incidents. Even when they are attacked, losses are typically less severe due to established identification and response mechanisms,” he added.

Sayce noted that despite progress many companies still need to strengthen their cyber controls, particularly around IT security trainings, better network segmentation for critical environments and cyber incident response plans and security governance.

Did you get value from this story?  Sign up to our free daily newsletters and get stories like this sent straight to your inbox.