As we recently examined in our Why It’s Time To Go Cyber
article, cyber insurance still causes a wealth of confusion for many insurance brokers as there are so many new risks to wrap your heads around, with their scale varying widely depending on the organisation.
Now, however, new research by AIG
Europe, part of global insurer American International Group, has attempted to shine the spotlight on the leading causes of cyber claims from 2013-September, 2016.
While headlines have been dominated by major data breaches and, more recently, by audacious Distributed Denial of Service (DDoS) attacks, it is encryption ransomware and cyber extortion that is one of the fastest growing cybercrimes, accounting for 16% of the cyber claims received by the insurer in Europe, the Middle East and Africa (EMEA) during the period, with a further 4% of claims relating to other cyber extortions. 2016 in particular has seen a proliferation of cyber extortion attacks.
“This year we have had a lot of notifications from businesses that were victims of ransomware type attacks, and nearly all of them had extortion elements to them as well,” said Noona Barlow, head of liabilities and financial lines claims, Europe, for AIG
“We are seeing cyber extortion and ransomware as one of the fastest growing areas of claims. In cases of cyber extortion, claims severity depends on the type of organisation, the level of business interruption caused and need for forensic investigation and system restoration. While ransom demands typically remain small, this form of extortion is a lucrative and relatively straightforward way of accessing ‘fast cash’ for cyber criminals and we can only see it growing in the future.”
According to the report, the bulk of cyber claims are currently coming from industries that have a need to inform their customers when sensitive data has been compromised. Indeed 23% of claims come from the financial services sector; with media, communications and technology coming in next at 18%. Of note, however, is that both ransomware and extortion are common across a host of different industries – and not necessarily ones with an IT angle.
The advice now for brokers is to make sure you are well-equipped with knowledge about the threats your clients face based on the sector they work within to ensure they have the appropriate level of cover for the risks they face.
Regulator warns CEOs on shortcomings in managing ‘silent’ risk
“Cyber is a buzzword” – says Ed CIO