The frequency and severity of cyber events is on the rise and as the peril grows in relevance, particularly under COVID-19 conditions, demand for protection is likely to continue to increase, according to Doris Höpke, Member of the Board of Management at Munich Re.
As the ongoing pandemic continues to restrict face-to-face meetings, the German reinsurance giant hosted a virtual Baden Baden 2020 press briefing this morning.
Insurance capacity, interest rates, loss experience, and risk awareness were each discussed at length and described as the main drivers of expected further market hardening. Additionally, and in light of the ongoing uncertainty being caused by the pandemic, systemic risk was a topic of discussion and alongside COVID-19, the very complex cyber risk space was singled out.
“Another area of systemic risk that is on the rise definitely is cyber,” said Höpke. “We are convinced that cyber is one of the most relevant, and at the same time, one of the most demanding challenges for our industry.”
As noted by Höpke, the dramatic shift to remote working as a result of lockdown measures enforced around the world to mitigate the spread of the novel coronavirus, has enabled new and sometimes easier ways of cybercrime. In fact, roughly 71% of all security professionals reported elevated levels of security threats and attacks since the arrival of COVID-19, explained Höpke.
“In March, there was an incredible 30,000% increase of COVID-19 related attacks and malware – ransomware attacks increased by 148% only in March.
“In more general terms, at the beginning of May, the FBI reported a 300% increase in reported cybercrime. And attention to COVID-19 was also used and abused by cyber criminals. In April, for example, on a daily basis, Google blocked more than 18 million phishing emails related to COVID-19. And, in 2020, more than 68,000 newly observed host names were published with keywords related to COVID-19, and they were found to be high-risk or malicious,” she continued.
Adding: “And, it’s not only an increasing frequency, it’s also severity going up. The financial impact on those affected by a cyber event rose nearly sixfold, to a median of $57,000. So, cyber risk is clearly on the rise, and in particular, under COVID circumstances.”
Ultimately, the influence of COVID-19 means that there’s a growing amount of investments being made in IT security at companies of all shapes and sizes, and from across various industries. A trend which Höpke feels is needed and which is happening.
“But, as cyber security is now a really relevant topic, even for the smallest businesses, insurance demand is likely to further increase. And, the cyber insurance market, we expect it to triple to up to $20 billion by 2025. So, in five years from now,” she explained.
For Munich Re, coverage of cyber risk is and remains an important strategic growth area. In July of last year, Munich Re said that it intends to continue focusing more of its business on the growing cyber market, with the goal of retaining its current 10% market share.
Today, Höpke revealed that the reinsurer still has a 10% market share and stressed that the company plans to grow with the market and keep this market share stable.
“At the same time, we are very well aware that cyber insurance is a complex topic, and it’s becoming more and more complex than ever. We are therefore convinced that only with a holistic approach to cyber we can contribute to a sustainable cyber insurance market. And, this requires a whole range of activities. Apart from adequate risk pricing, there are many other elements, and we mentioned most of them in the past as well, and most of them are still on the agenda,” continued Höpke.
Of course, with systemic risks such as cyber, pandemics, and climate change, the question of insurability is often raised and debated. During the Q&A, Höpke spoke to this topic and told the audience that while exposures of a systemic nature, such as the outage of the Internet or of entire networks are viewed as uninsurable by Munich Re, accumulation control and diversification are key.
“We are very stable in our cyber offerings, and there we diversify and this is exactly the opposite of what the risk landscape is in pandemics, in our view. Because, in particular, by focusing on a segment of smaller and medium businesses we can diversify, we can build up a significant portfolio with a lot of diversification in it, with smaller limits of up to 50 million perhaps up to 100 million, but not going beyond this,” explained Höpke.
Adding: “That’s the challenge of cyber, to understand where is cyber really systemic and comparable to pandemic so that there is no diversification. And, this is why, for example, phenomenon that by nature are global or go across regions, like outage of the Internet, outage of networks, this is uninsurable, in our view.
“But, a virus, or malware or ransomware attack, and you’re right, there can be attacks of many users at the same time, but we consider this to be a very different quality compared to a network outage or compared to pandemics.”