The number of cyber insurance claims is growing faster than the number of cyber insurance policies across Europe and increasingly digitalised organisations remain vulnerable to malicious cyber attacks.
Research from Marsh, Wavestone and law firm CMS has revealed that nearly 70% of all cyber attacks in Europe in 2019 were malicious, while less than a third were accidental. Financial gain and data theft are the primary motivations for such attacks; hence, financial institutions occupy the top spot on the list of targets for cyber criminals.
The analysis is based on data from cyber insurance claims managed by Marsh across Europe, which grew by more than 80% over the course of last year. The jump can be pinned on the growing reliance on digital channels such as cloud technology, AI, and the IoT, among others, which has expanded the risk of being targeted by e-criminals for many organisations.
No doubt, businesses are aware of the risks, evidenced by the growing popularity of cyber insurance across Europe. The jump in the number of policies and claims in the cyber space reflects a maturing market.
The report said, “Cyber insurance has been seen more and more as a reliable and cost-effective way to transfer the financial risks that companies face from the increasing use of data and technology in business operations. These include losses and expenses associated with a growing range of cyber perils, such as malicious attack, privacy breach, and accidental events.”
Marsh Continental Europe cyber development leader Sjaak Schouteren said, “Increasingly, firms are looking to standalone cyber insurance as part of their robust cyber risk mitigation programme. These policies can help mitigate the severity of an incident, reduce the organisational impact, and boost resilience against cyber threats.”
At the same time, the report highlights that insurance in of itself is not an effective safeguard. Businesses need to invest in a robust cyber security framework alongside taking out an insurance policy, as it can reduce both the frequency and intensity of potentially devastating cyber attacks.
For now, cyber security mechanisms appear to be falling short to a degree. Marsh saw the number of claim notifications double between 2016 and 2017, and double again between 2018 and last year, well outpacing the increasing rate of standalone cyber insurance purchases.
Most attacks come in the form of ransomware. In fact, the number of ransomware attacks has jumped by 100% since last year. This could be a simple cyber attack, which damages some servers and forces a week of recovery. Alternatively, it could be an advanced cyber attack, which could have ‘automatic spreading capabilities’ and could debilitate an entire organisation. Businesses can take between three and six weeks to recover from such an attack.
As a result, the immediate aftermath of a cyber attack can be extremely costly for a business. The report suggests that emergency measures in the technical, legal and crisis management departments are the highest costs in the wake of an attack, following which large sums have to be shelled out on restoring IT systems, maintaining continuity in business, and developing a communication strategy.
Add to this the money spent on settling potential third-party claims, and the loss of turnover due to business interruptions, and the spike in cyber insurance claims becomes easier to understand. According to the report, the growth in claims provides invaluable data for the business environment.
“As we see more claims triggered under these policies, our opportunities to learn about the landscape increases — not only in claims management, but also in incident management — and prevention.” M