Loss of business interruptions accounted for 60% of cyber insurance claims over the past five years, according to a report published on Thursday by Allianz Global Corporate & Specialty SE.
The AGCS analysis of more than 1,700 cyber insurance claims worth € 660 million ($ 781.5 million) over the last five years also reveals that the average cost of cybercrime for organizations has increased 70% to $ 13 million dollar. Meanwhile, the number of attacks has increased by 60%.
There has also been a further increase in the number of cyber claims this year, says the AGCS. 770 claims were reported to AGCS during the first nine months of 2020. This follows 809 throughout 2019. But AGCS said it was too early to say whether this increase was caused by COVID-1
Business outages can lead to the most serious cyber losses, with downtime lasting longer, and system and data restoration costs can escalate rapidly, says the AGCS.
"Whether due to ransomware, human error, or a technical error, the loss of critical systems or data can put an organization on its knees in today's digital economy," said Joerg Ahrens, global head of long-tail claims at AGCS. in a statement. "If an online platform is not available due to a technical problem or cyber incident, it could result in huge losses for companies that depend on it, especially given today's increasing reliance on online sales or digital supply chains," said Ahrens.
While external cyber attacks cause the most expensive cyber insurance losses, employees' mistakes and technical problems lead to the largest number of claims, the report says.
AGCS said that more than half (54%) of the claims were due to unintentional internal incidents, e.g. as employee errors or interruptions, but the losses were small.
In terms of value, cyberattacks – including distributed denial of service (DDoS), phishing and malware – accounted for most of the claims analyzed by AGCS (85%). Harmful internal measures accounted for 9% of losses.
"Losses from incidents such as DDoS attacks or phishing and ransomware campaigns account for a significant majority of the value of cyber claims today," Catharina Richter, global director of the Allianz Cyber Center of Competence, said in the statement.
Nearly half a million ransomware incidents were reported globally last year, costing at least $ 6.3 billion in claims. Total costs are believed to exceed $ 100 billion.
“Although cybercrime generates headlines, everyday system failures, IT outages and human error incidents can also cause problems for companies, even if their financial consequences are not, on average, that severe. Employers and employees must work together to raise awareness and increase cyber resilience, says Richter.
Companies and insurance companies face more expensive business outages in the future, along with other challenges such as more ransomware incidents, higher costs for major data breaches. and greater risk from state-sponsored attacks, the AGCS said.
Mega-hacking, involving more than one million records, now costs an average of $ 50 million, an increase of 20% over 2019, the AGCS said.
Higher levels of teleworking caused by Covid-19 have created new opportunities for cybercriminals to access networks, along with coronavirus-themed scams and phishing campaigns, the report said.
Malware and ransomware have increased by more than a third since its inception in 2020, the AGCS said. But while exposures are increasing, it is too early to say whether this is directly linked to COVID-19.
“The AGCS has seen the first few cyber claims that can be indirectly attributed to the COVID-19 landscape, including ransomware attacks that can be linked to the transition to more remote work. However, it is too early to confirm a broader trend, "it said.
Commercial Risk Europe is a sister publication of Business Insurance. More stories from CRE here.