According to an Allianz Global Corporate & Specialty cyber report, ransomware remains a top cyber risk for organisations globally, while the threat of state-sponsored cyber attacks grows.
There was a record 623 million attacks in 2021, which was double that of 2020, says Allianz.
It also notes that despite the frequency reducing 23% globally during H1 of 2022, the year-to-date total still exceeds that of the full years of 2017, 2018 and 2019, while Europe saw attacks surge over this period.
Allianz suggests that ransomware is forecast to cause $30bn in damages to organisations globally by 2023.
It adds that from an AGCS perspective, the value of ransomware claims the company was involved in together with other insurers, accounted for well over 50% of all cyber claims costs during 2020 and 2021.
Scott Sayce, Global Head of Cyber at AGCS and Group Head of the Cyber Centre of Competence, commented, “The cyber risk landscape doesn’t allow for any resting on laurels. Ransomware and phishing scams are as active as ever and on top of that there is the prospect of a hybrid cyber war.
“Most companies will not be able to evade a cyber threat. However, it is clear that organisations with good cyber maturity are better equipped to deal with incidents. Even when they are attacked, losses are typically less severe due to established identification and response mechanisms.
“Although we see good progress, our experience also shows that many companies still need to strengthen their cyber controls, particularly around IT security trainings, better network segmentation for critical environments and cyber incident response plans and security governance.”
Allianz observes that geopolitical tensions, such as the war in Ukraine, are a major factor reshaping the cyber threat landscape as the risk of espionage, sabotage, and destructive cyber-attacks against companies with ties to Russia and Ukraine increase, as well as allies and those in neighbouring countries.
It adds that state-sponsored cyber acts could potentially target critical infrastructure, supply chains or corporations.
“As yet the war between Russia and Ukraine has not led to a notable uptick in cyber insurance claims, however it does point to a potentially increased risk from nation-states,” Sayce explains.
Despite acts of war being typically excluded from traditional insurance products, the risk of a hybrid cyber war has accelerated efforts in the insurance market to address the issue of war and state-sponsored cyber attacks in wordings and provide clarity of cover for customers, says Allianz.
Other emerging risks highlighted in the report include the evolving third-party liability landscape, a shortage of cyber security professionals, and cyber governance under increasing ESG scrutiny.
Sayce concludes, “The good news is that we are now seeing a very different conversation on the quality of cyber risk than a few years ago.
“We are gaining much better insights and appreciate clients going the extra mile in order to provide comprehensive data to us. This also helps us to provide more value and offer useful information and advice to customers, such as which controls are most effective or where to further improve risk management and response approaches.
“The net result should be fewer – or less significant – cyber events for our customers and fewer claims for us. Such collaboration will also help in creating a long-term sustainable cyber insurance market which not only relies on traditional coverages but, increasingly, on integrating cyber risks into captive programs and other alternative risk transfer concepts.”