There has been a 67 percent increase in the average number of security breaches in five years, according to a cyber report by Allianz Global Corporate & Speciality (AGCS).
The Trends in Cyber Risk Report found that there has been a notable rise in cyber-driven claims in recent years.
AGCS suggested that the increase has been driven by the growth of the cyber insurance market but also by the rise in incidents such as data breaches, distributed denial of service attacks, phishing campaigns, and increasingly, ransomware events.
The study analysed 1,736 cyber-related insurance claims worth €660 million involving AGCS and other insurers from 2015 to 2020.
While the COVID-19 outbreak cannot be said to be a direct cause of cyber-related claims, the report stated: “Exposures have been rising during the pandemic, particularly with regards to ransomware and business email compromise incidents, with the increase in remote working and the likelihood that security safeguards may not be as robust in the home office.”
AGCS highlighted that it has seen the first few cyber claims which can be indirectly attributed to the COVID-19 shift in the business landscape, however, it noted that it is too early to tell whether this is a broader trend.
Cyber and business interruption (BI) have now been ranked as the top two risks for companies respectively, according to the Allianz Risk Barometer 2020, which was conducted before the COVID-19 outbreak – and are increasingly interrelated.
The Allianz Barometer 2020 report found that 55 percent of participants feared cyber incidents in BI, while 46 percent said they feared fire/explosion.
The Trends In Cyber Risk report highlighted that business email compromise (BEC) or spoofing attacks have been increasing in frequency for some time and will likely further surge in future due to the economic downturn and shift in the business landscape driven by the COVID-19 outbreak.
With more people working from home new opportunities for criminal activities are generated. Before the pandemic, BEC incidents had already resulted in worldwide losses of at least $26 billion since 2016, according to the Federal Bureau of Investigation (FBI).
However, between May 2018 and July 2019, the number of incidents discovered worldwide doubled, with the average economic loss around $270,000.
The report highlighted that data protection and privacy regulation is increasing in both scope and geographical reach, creating more stringent requirements on organisations that collect and use personal data, as well as enhanced rights for consumers and higher penalties for breaches.
It also reflected on Europe’s General Data Protection Regulation (GDPR), which came into force in May 2018, stating that it has been a game-changer.
GDPR has already led to an increase in claims notifications. Between March 2019 and May 2020, a total of 190 GDPR fines were issued by European data protection authorities (DPA), according to law firm Pinsent Masons seven with a value of almost $500 million.
The report explained that cyber exposures have emerged as a hot topic in mergers and acquisitions (M&A) following some large data breaches.
The report noted that even the best-protected companies can be exposed if they acquire a company with weak cybersecurity or existing vulnerabilities.
“Subsequently, the acquiring firm could be liable for any damage from incidents which pre-date the merger,” it added.
Commenting on the report, Catharina Richter, global head of the Allianz Cyber Center of Competence, which is embedded into AGCS said: “Losses from incidents such as distributed denial of service (DDoS) attacks or phishing and ransomware campaigns account for a significant majority of the value of cyber claims today.”
“Although cybercrime generates the headlines, everyday systems failures, IT outages and human error incidents can also cause problems for companies, even if their financial impact is not, on average as severe. Employers and employees must work together to raise awareness and increase cyber resilience,” she added.
As the AGCS report highlighted, the COVID-19 pandemic has caused more issues for cybersecurity, Captive Insurance Times addressed this issue in September.