According to this year’s Allianz Risk Barometer (), cyber risk takes the number one spot, thanks to a spate of high-profile ransomware attacks, which have pushed it up from third in 2021 behind the closely related risks of business interruption and pandemic risks.
Recently, cyber thieves have become more adept at using “double extortion” strategies. They encrypt information and then threaten to expose it, for example, to release sensitive or personal data. Hackers will now seek to encrypt or erase backups, making a recovery and restoration more difficult or impossible. Cyber-attackers are increasingly targeting employees and top executives for ransom demands, and this is a troubling trend.
The percentage of all the participants who responded. Most respondents to Allianz’s Risk Barometer this year (57 percent) said they were concerned about ransomware, which has recently taken the lead in cyber-threats, as has data breaches (also 57 percent) (see Figure 1). For cybercriminals, ransomware has become a lucrative industry, as they have refined their business models and techniques and decreased the technical entry barrier. Ransomware assaults may now be carried out for as little as $40 a month via dark web marketplaces.
Figure 1: Response of respondents to Allianz’s Risk Barometer
As seen by other reports in the psat, ransomware attacks have become more widespread, impacting enterprises of all sizes, rather than the previously seen targeted attacks.
Figure 2: Ratio of the steady increase in cyber claims
Due to an increase in external system manipulation losses and increased uptake of cyber insurance, cyber insurance claims have climbed dramatically over the last three years.
Figure 3: Causes of loss by the value of claims
Overall, AGCS has observed an increase in cyber-related claims from over 500 to more than 1,100. 90 ransomware-related claims were received during the first half of 2021, a 50% rise over the same period last year. Still, the total number of ransomware-related allegations received in 2019 was unchanged (60). AGCS believes criminals have been better organized and are better equipped. Larger businesses and their supply networks are increasingly being targeted, resulting in increased extortion demands and business interruption costs.
The Rise in Supply Chain Attacks
There has been a troubling trend in recent high-profile cyber-attacks where hackers targeted entire supply chains. In December 2021, Hackers exploited the open-source software vulnerability Log4J, launching more than a million attacks in just four days against enterprises all over the world. Kaseya’s software patch was, in perhaps a grim harbinger of the future cyber risk landscape, infected with ransomware itself, paralleling the SolarWinds attack in 2020 that was believed to have been carried out by a nation-state. As supply chains become increasingly digitized and reliant on digital infrastructure, such attacks are increasingly concerning. Third and fourth on the Allianz, Risk Barometer’s list of cyber hazards of concern were remote working (34 percent) and disruptions to digital supply chains and cloud platforms (33 percent).
Reaction of the Market
Hence, by the increase of cyber attacks, the insurance sector has shifted its focus to helping clients enhance their cyber risk management as the landscape has altered. A cyber security posture assessment is now part of every insurance submission that AGCS receives. Endpoint protection and multi-factor authentication (MFA) are among the proactive technology controls examined during evaluations. Systems can of course still be compromised even when best practices and technological solutions are followed. Pre-event planning is essential to minimize the damage of cyber-attacks, including incident response planning, scenario testing, and board wargaming. Allianz Risk Barometer respondents ranked cyber security resilience as the most important environmental, social, and governance (ESG) issue for their company, even before climate change. Cyber insurance policies are part of a growing range of technical and risk management support services that form a holistic approach to building cyber security resilience. Increased awareness of the risks associated with digitisation and remote working has led to increased demand for cyber insurance.
Daniel Kasper is the principal of Cyber Economics.