Cyber insurance: Risks and trends 2020

27/05/2020 07:54

Review of 2019

Despite increased investment in cyber security, the risk from attacks has increased significantly in the last year. In the qualitative review, three cybercrime risks top the trend list: data theft, attacks using ransomware Trojans, and fraud with forged business e-mails:
 Graph with information on the increase of Data Breach (plus 1/3), Ransomeware (plus 2/3), BEC-Scams (doubled) and regulatory changes (100 countries)
                      © Munich Re


Ransomware Trojans were used in a much more targeted way in 2019 to cause as much damage as possible and extort correspondingly high amounts. In many cases, the attackers already have access to the victim’s system, and employ malware that encrypts data or computer systems, thereby blocking access to them. In return for decryption, they demand a ransom, usually in the form of crypto currency. As well as companies, attacks over the last year have increasingly targeted critical areas of public life, such as public authorities and health system institutes. Ransom demands ranged from USD 5,000 to USD 5m – often individually adjusted to the victim’s financial strength. Two Scandinavian companies suffered the largest known economic losses in 2019. A Norwegian aluminium manufacturer lost approximately USD 70m – primarily from business interruption. Another ransomware attack cost a Danish manufacturer of hearing aids roughly USD 95m. What drove the costs up, apart from the business interruption, was the effort required to restore IT systems.

Data breach

The number of unidentified data thefts and unauthorised personal access to data in the last twelve months increased by roughly one third. Worldwide, some 8.5bn data sets were affected. From a global perspective, the average economic loss per data breach was almost USD 4m, which included the cost of notifying the authorities and the affected persons, investigating the incidents, taking measures to contain the damage and recover the data, as well as fines and court costs. At roughly USD 6.5m, the average costs in the health sector were the highest, as critical data are regularly collected and stored in this field. Data theft is also used for the purpose of blackmail. In the event of non-payment, there is the threat of sensitive corporate or customer data being published. Similar amounts are demanded as with ransomware attacks.

BEC scams

There was a surge over the last year in fraud featuring forged business e-mails, also known as business e-mail compromise. The attacker procures access to a company e-mail account, or creates an email account that looks very similar to a standard company address. They operate with a stolen or forged identity, with the aim of defrauding companies, customers or employees. Between May 2018 and July 2019, the number of incidents discovered worldwide doubled, while the average economic loss was roughly USD 270,000 according to figures published by the FBI. Small- and medium-sized enterprises are the particular targets of this type of fraudulent e-mail attack. The biggest individual loss that came to light in 2019 was of USD 37m and affected a company in the automotive sector. This trend is also reflected in the statistics for insured cyber losses. BEC scams are already responsible for the biggest losses in individual markets. 

Outlook and trends 2020

A networked world and advances in technology, such as the new 5G standard or artificial intelligence, present opportunities in every social area. At the same time, however, they increase dependencies and open up new attack points for cyber criminals who are operating with an increasing level of professional sophistication. 
cyber risks - what to expect in 2020: Grafik mit Informationen zu Trends in Geschwindigkeit, Umfang, Raffinesse und Zielen von Cyber Attacken, sowie Risikobewusstsein und Regulation.
                      © Munich Re

Technology improves efficiency – including that of cybercrime

Ransomware remains a substantial threat – particularly in view of the potential for business interruption. Losses from BEC fraud and data theft can also be expected to remain at a high level. The cybercriminal world is increasingly operating in a targeted, networked and collaborative way. The latest technologies are being used in every phase of the attacks. Artificial intelligence, for example, is finding increasing use to identify targets, identify and exploit weaknesses, and to cover the criminals’ tracks. This allows attackers to increase the level of automation and efficiency, which in turn results in higher losses. What are known as deepfakes, where voices or individuals are mimicked almost to perfection, will also be used more and more in future phishing attacks and identity theft, and to blackmail companies and individuals.

Read the full Article :