Cyber: The changing threat landscape

Report | October 2022
Given cyber crime incidents are now estimated to cost the world economy in excess of $1trn a year –around 1% of global GDP – it is no surprise that cyber risk regularly ranks as a top customer concern in the Allianz Risk Barometer, our annual survey identifying the top business risks around the world (including finishing #1 in the 2022 edition). Indeed, Allianz Commercial's own insurance industry claims analysis shows that external attacks are responsible for more than 80% of the value of the 3,000 cyber‑related claims we have been involved with over the past five years around the globe.

This report highlights some of the main cyber risk trends we see from an underwriting, risk consulting and claims perspective, such as the growing cost of ransomware attacks – which has been the major loss driver in recent years, the targeting of more smaller‑sized companies by hackers, the increasing frequency and sophistication of business email compromise attacks in the ‘Zoom and deep fake era’, as well as the impact of wider geopolitical tensions.

Our analysis shows that business interruption is the main cost driver in more than 50% of all cyber claims we participate in, and the report also highlights some of the major exposures that can result in large loss activity for companies. Of course, almost any cyber incident can also lead to litigation or demands for compensation from affected customers, suppliers and data breach victims, and elsewhere we look at the continuing evolution of third‑party liability exposures, and how cyber security is increasingly seen as an environmental, social, and governance (ESG) issue. We also examine how a talent shortage is hindering efforts to improve cyber security.

get all information about cyber risk trends

In response to the challenging loss environment of recent years, the insurance industry is more diligently assessing clients’ cyber risk profiles and clarifying coverage areas in a bid to incentivize companies to improve cyber security and risk management controls.

Our experience shows a number of companies still need to improve their frequency of IT security training, cyber incident response plans and cyber security governance. Incident response is critical as the cost of a claim quickly escalates once business interruption kicks in.

It is clear that organizations with good cyber maturity are better equipped to deal with incidents. It is not typical for us to see companies with strong cyber maturity and security mechanisms suffer a high frequency of ‘successful’ attacks. Even where they are attacked, losses are usually less severe.

 

The good news is that we are now seeing a very different conversation on the quality of cyber risk than we were a few years ago and are therefore gaining much better insights as the cyber insurance market matures. Insurers have a role that goes beyond pure risk transfer, helping clients adapt to the changing risk landscape and raising their protection levels. The more we can partner with our clients the more losses will hopefully reduce in future.
Allianz has published a  checklist with recommendations for effective cyber risk management. “In around 80% of ransomware incidents losses could have been avoided if the organizations had followed best practices. Regular patching, multi-factor authentication, as well as information security and awareness training and incident response planning are essential to avoiding ransomware attacks and also constitute good cyber hygiene,” says Rishi Baviskar, Global Cyber Experts Leader, Risk Consulting, Allianz. “If companies adhere to best practice recommendations there is a good chance that they will not become ransomware victims. Numerous security gaps can be closed, often with simple measures.”

Cyber safety is essential for businesses to protect themselves from these attacks and the financial losses they can cause. The latest cyber risk trends are constantly evolving, but some of the most important threats and security issues to watch out for include:

  • Ransomware: The growing cost of ransomware attacks is a serious threat to businesses of all sizes. 
  • Business email Compromise incidents: Incidents of this kind are more frequent and will increase further in the 'deep fake' era. 
  • Supply chain attacks: Attackers are increasingly targeting the supply chains of businesses, as this can give them access to sensitive data and systems. 
  • Data breaches: Data breaches are another major cyber risk, and they can lead to financial losses, reputational damage, and regulatory fines. 
  • IoT security: The increasing number of connected devices is creating new security challenges, as these devices are often more vulnerable to attack than traditional IT systems. 
  • AI-powered attacks: Artificial intelligence (AI) is being used to create more sophisticated and targeted cyberattacks.
Figures represent the percentage of answers of all participants who responded (2,650). Figures do not add up to 100% as up to three risks could be selected.
Source: Allianz.
Simply fill out the form below to receive an email from us with the link to the full report.
Enjoy reading!
 
Please read our privacy notice to find out how we use your data and read our terms of use.
Fields marked with asterisk (*) are mandatory.

Thank you! You will receive an email from us with a link to the full report. Enjoy reading!

Apologies, we are currently unable to handle your request. Please try again.

Warning - The E-Mail Address configured for this form is either unverified or invalid. Please verify the E-Mail Address and try again later.

A verification E-Mail was sent to the following E-Mail addresses:

Kindly check the corresponding inbox for a verification E-Mail and verify it.

Warning - The page URL seems to be incorrect. Kindly check the URL and try again.

Enter the text from the box. 60 seconds remaining. Can't read the text?

Assessing an organization's cyber risk posture and creating a comprehensive risk management strategy involves identifying assets, evaluating threats, assessing vulnerabilities, prioritizing risks, and developing tailored mitigation approaches. It includes employee training, third-party risk management, incident response planning, and continuous monitoring. Regular updates, compliance considerations, communication plans, and continuous improvement are integral to maintaining a robust cybersecurity framework. This process ensures proactive identification and mitigation of cyber threats, safeguarding the organization's operations, data, and reputation.
Third-party vendors and supply chain vulnerabilities significantly impact cyber risk trends by introducing additional entry points for cyber attackers, potential data breaches, and disruptions to critical services. Organizations often lack direct control over vendors' cybersecurity measures and must navigate the challenges of shared infrastructure, complex supply chains, and compliance issues. The interconnected nature of modern business operations requires organizations to diligently assess and manage third-party cybersecurity practices, monitor vulnerabilities, and collaborate effectively to minimize the overall cyber risk landscape.
The Risk Barometer plays a pivotal role in assisting organizations to proactively anticipate and address potential challenges and disruptions. It achieves this by providing early warnings about emerging risks, increasing risk awareness, informing decision-making, prioritizing risks, facilitating scenario planning, fostering adaptability, building resilience, enabling industry benchmarking, influencing strategic planning, aiding stakeholder communication, and promoting cross-industry learning. With its comprehensive insights, the Risk Barometer empowers organizations to take proactive measures and strategic actions to mitigate risks and navigate uncertainties effectively.