External attacks on companies result in the most expensive cyber insurance losses but it is employee mistakes and technical problems that are the most frequent generator of claims by number, according to a new report from Allianz Global Corporate & Specialty (AGCS).
The study analyzes 1,736 cyber-related insurance claims worth USD 770mn from 2015 to 2020.
The number of cyber insurance claims AGCS has been notified of has steadily risen over the last few years, up from 77 in 2016 to 809 in 2019. In 2020, AGCS has already seen 770 claims in the first three quarters.
This steady increase in claims, reports Allianz, has been driven, in part, by the growth of the global cyber insurance market which is currently estimated to be worth USD 7bn according to Munich Re.
The report also highlights that there has been a 70%+ increase in the average cost of a cybercrime to an organization over five years to $13mn and a 60%+ increase in the average number of security breaches.
Losses resulting from external incidents, such as DDoS attacks or phishing and malware/ransomware campaigns, account for the majority of the value of claims analyzed (85%), followed by malicious internal actions (9%).
Accidental internal incidents account for over half of cyber claims analyzed by number (54%) but the financial impact of these is limited compared with cyber crime.
Finally, business interruption is the main cost driver behind cyber losses, accounting for around 60% of the value of all claims analyzed.
“Losses from incidents such as distributed denial of service (DDoS) attacks or phishing and ransomware campaigns account for a significant majority of the value of cyber claims today,” says Catharina Richter, Global Head of the Allianz Cyber Center of Competence, a part of AGCS. “But although cyber crime generates the headlines, everyday systems failures, IT outages and human error incidents can also cause problems for companies, even if their financial impact is not, on average as severe. Employers and employees must work together to raise awareness and increase cyber resilience.”