Number of claims on cyber insurance policies rising steeply

13 August 2020 Consultancy.eu

The number of cyber insurance claims is growing faster than the number of policies across Europe, as increasingly digitalised organisations remain vulnerable to malicious cyber attacks. This is according to new research from Marsh, Wavestone and law firm CMS.

The analysis is based on data from cyber insurance claims managed by Marsh across Europe, which grew by more than 80% over the course of last year. The jump can be pinned on the growing reliance on digital channels such as cloud technology, artificial intelligence, and the internet of things, among others, which has expanded the risks of being targeted by e-criminals for many organisations.

No doubt, businesses are aware of the risks, evidenced by the growing popularity of cyber insurance across Europe. The jump in the number of policies and claims in the cyber space reflects a maturing market.

“Cyber insurance has been seen more and more as a reliable and cost-effective way to transfer the financial risks that companies face from the increasing use of data and technology in business operations. These include losses and expenses associated with a growing range of cyber perils, such as malicious attack, privacy breach, and accidental events,” state the report’s authors.

The cyber threat landscape

Cyber Development Leader for Marsh Continental Europe Sjaak Schouteren pointed out that cyber insurance can bring far-reaching benefits. “Increasingly, firms are looking to standalone cyber insurance as part of their robust cyber risk mitigation programme. These policies can help mitigate the severity of an incident, reduce the organisational impact, and boost resilience against cyber threats.”

At the same time, the report highlights that insurance in of itself is not an effective safeguard. Businesses need to invest in a robust cyber security framework alongside taking out an insurance policy, as it can reduce both the frequency and intensity of potentially devastating cyber attacks.

For now, cyber security mechanisms appear to be falling short to a degree. Marsh saw the number of claim notifications double between 2016 and 2017, and double again between 2018 and last year, well outpacing the increasing rate of standalone cyber insurance purchases.

Simple vs advanced cyber attacks

Marsh, Wavestone and CMS used the claims data to obtain a realistic and detailed picture of the cyber threat landscape. “Understanding the modus operandi of cybercriminals can help organisations to be better prepared. Wavestone's incident response team, CERT-W, has managed numerous security incidents and discovered that the majority of the attacks tend to be opportunistic,” explained Vincent Nguyen, Head of CERT-W at Wavestone. 

Nearly 70% of all cyber attacks in Europe last year were malicious, while less than a third were accidental. Financial gain and data theft are the primary motivations for such attacks, according to Nguyen, which explains why financial institutions occupy top spot on the list of targets for cyber criminals.

Manufacturing, communications, media & technology and professional services businesses also feature on the list of prominent cyber targets. The results of such an attack can be financially devastating, depending on the nature and magnitude.

Costly attacks

Most attacks come in the form of ransomware. In fact, the number of ransomware attacks has jumped by 100% since last year. This could be a simple cyber attack, which damages some servers and forces a week of recovery. Alternatively, it could be an advanced cyber attack, which could have “automatic spreading capabilities” and could debilitate an entire organisation. Businesses can take between three and six weeks to recover from such an attack.

As a result, the immediate aftermath of a cyber attack can be extremely costly for a business. The report suggests that emergency measures in the technical, legal and crisis management departments are the highest costs in the wake of an attack, following which large sums have to be shelled out on restoring IT systems, maintaining continuity in business, and developing a communication strategy.

Add to this the money spent on settling potential third party claims, and the loss of turnover due to business interruptions, and the spike in cyber insurance claims becomes easier to understand. According to the report, the growth in claims provides invaluable data for the business environment.

“As we see more claims triggered under these policies, our opportunities to learn about the landscape increases — not only in claims management, but also in incident management — and prevention.”