The threat from cyber threats continues to grow, according to a new report from Tokio Marine HCC.
The second edition of the Cyber Incidents Report found that just ten incidents in 2021 led to the theft of over $600m in cash, while tens of millions of records, and ten of thousands IT operations were put at risk. The report also outlines how a billion airline passenger details were compromised and of how one major bank was shut down for a week.
The report outlines what it rates as the ten-most important cyber incidents of last year, with the ransomware attack against IT provider Kaseya ranked first.
Also included are incidents involving Microsoft Exchange, the IT firm SITA, the Colonial pipeline attack, Ecuadorean bank Pichincha, the nation of Belarus, the Poly Network, Argentinian ID database RENAPER, and Volkswagen USA.
Isaac Guasch, cyber security specialist at TMHCCI and author of the report said, “We are noticing a drastic increase in both likelihood and severity of all types of cyber attack. We have seen a marked increase in ransomware attacks, their complexity and in the appetite to target smaller organisations.”
He added: “But whether you are a small independent business or a large, international organisation, the increasingly interconnected nature of the businesses that form our economies, is a key threat.”
Cyber has been an increasingly popular topic within the industry in recent years. A few days ago, the 15th Annual Emerging Risk survey found that it was the second-highest concern among reinsurers after climate change.
Meanwhile, close attention is probably being paid to the outcome of a New Jersey ruling involving Merck & Co., which had sued over insurance cover from fifteen of its P&C insurers related to a cyberattack in 2017. A summary judgement in that case from New Jersey State Superior Court granted Merck & Co $1.4bn in damages. The court found that the war or hostile acts exclusion clause in the all-risk property insurance policy does not preclude coverage.
A note from Moody’s at the time said that even with the growth of cyber insurance that large, severe attacks could eventually become uninsurable.
Moody’s wrote: “The insurance industry does not have the capital to insure these widespread systemic events. The London Market Association has released model clauses that would exclude coverage for war from cyber insurance policies. Other market participants are also developing similar exclusions with the goal of reaching a market standard to address this complex coverage issue.”
The agency looked at the growth of cyber insurance, stating that it was relatively small at $10bn annually, compared to traditionally property and casualty premiums.
However, it added: “However, the frequency and severity of cyber claims has escalated, most notably for ransomware, particularly over the past two years. Since the onset of the pandemic, as most employees worked remotely and frequently used personal devices and less secure methods for connecting to corporate networks, the surface area for cyberattacks has increased significantly. The growth in the use of cryptocurrencies during this time has also emboldened hackers to make greater ransomware demands. Insurers’ loss ratios will rise further in 2021 and escalating losses have resulted in significant changes in the cyber insurance market.”
