A new report explores the rise in importance of Cyber risk
Producers who sell commercial liability and property should read the new free report by Allianz Insurance Group about cyber risk to gain useful and timely bullet points to discuss with their insurance clients and prospects about this burgeoning risk.
Cyber risk becomes the number one risk for businesses
According to an annual business risk annual survey that Allianz has conducted for the last nine years, cyber risk, which, in 2013, ranked fifteenth, became in 2020 the number one perceived risk, business risk. Before 2020, the generic risk of “business interruption” had perennially topped the annual survey.
Business interruption dropped to second place in 2020, although the relationship between cyber risk and business interruption risks are related. Most cyber risks, as detailed in the report, when they occur, cause business interruption.
Reports highlights how and why Cyber has become the number one risk to businesses
The report’s bullet point sections list the concerns of insurers, insureds, brokers, and agents about the ever-growing cyber risk business face.
Some of the conditions causing increasing exposure of businesses to cyber risk losses, listed in the report, include:
- Post-COVID-19 remote work has heightened data breach cyber risks
Many of the protective measures businesses take to avoid data breaches focus on employees. Estimates of the causes of data breaches, according to the report, range between fifty and ninety percent of them being caused directly or as a contributing factor by employees. The employee-caused breaches may result from “phishing,” emails purportedly from reputable companies or company executives or co-workers that induce responses revealing passwords, or “social engineering,” these so-called “human hacking” operations use data or voice communications to have insufficiently attentive employees share data, spread malware infections, or open access to restricted systems.
With so many employees working remotely because of COVID-19, the security systems designed for pre-pandemic business locations have greater vulnerabilities. As a result, the number of scammers and spammers looking to exploit these vulnerabilities has increased. Remote workers provide cybercriminals and hackers easier access to previously secure corporate systems and steal data or plant ransomware.
- In 2020, malware and ransomware incidents have increased by more than a third
The report, quoting Bloomberg News, states that cyber-attacks on the nation’s electric grid have increased by thirty-five percent in the United States. This sudden increase in such attacks is attributed to hackers targeting utility IT workers who have had to work remotely, during the pandemic, without the cyber-safeguards they usually have while working at more secure work locations.
Also, the long-term consequences of the COVID-19 pandemic will almost certainly accelerate the remote working and cloud-based business. That change to distributed digital work environments will also initially increase cyber risks for businesses adopting this business model.
- Ransomware incidents are becoming more “frequent, sophisticated and financially damaging”
Ransomware has become a major problem for businesses. In the United States, cities and town governments and hospitals have become targets of opportunity for ransomware attacks.
ID Ransomware, a free service that identifies the type of ransomware that may have infected a system, has identified 960 different ransomware strains used to extort money from businesses and other entities.
Emsisoft, an anti-virus and anti-malware company, reported almost five hundred thousand ransomware infections had occurred globally in 2019. The ransomware attackers involved demanded $6 billion in ransom demands alone according to Emsisoft estimates from security vendor Emsisoft However, the total costs associated with dealing with these ransomware incidents and their attendant business interruptions are estimated to be well more than $100 billion according to Allianz’ report.
According to the report, cybercriminals are selling ransomware to other attackers who then target businesses demanding ransom payments. The result of this black market in ransomware is that less-sophisticated hackers are being furnished with highly effective tools to exploit online vulnerabilities.
Other factors adding to cyber risks for businesses, nonprofits, and governments
The other factors discussed in the report contributing to the increasing frequency of cyber-crimes against business, governments, and nonprofit institutions in no order are:
- “Business email compromise – or spoofing – attacks have been increasing in frequency and will likely further surge in the future due to the shift in the business landscape.
- A mega data breach now costs an average of $50 million, per the Ponemon Institute, a research center dedicated to privacy, data protection, and information security policy.
- Data breaches have increasing regulatory exposure. In the United States, data breach notification requirements increase costs for data breaches.
- Class action litigation a developing situation. E.g., Equifax settled for $700 million, its data breach lawsuits.
- Buying a company can bring cyber risk. A buyer can become at risk for a data breach if they acquire a company with weak cybersecurity or existing vulnerabilities.
- Nation-states engaging in cyberespionage to steal intellectual property or sensitive data increases the cyber risks. E.g., the hacking of the United States Treasury and Commerce department.
For the full free fifteen-page Allianz Cyber Report, click HERE to go to the Allianz website
Allianz Global Corporate & Specialty (AGCS) is a leading global corporate insurance carrier and a key business unit of Allianz Group. It provides risk consultancy, property-casualty insurance solutions, and alternative risk transfer for customers ranging from Fortune Global 500 companies to small businesses and private individuals.
AGCS offers a range of cyber insurance products ranging from standalone cyber insurance to dedicated cyber risk coverage in traditional property and casualty policies.