The cyber insurance losses costing the most are coming from external attacks on companies. But employees are generating the most number of claims as they make mistakes and face technical problems, according to a new report from Allianz Global Corporate & Specialty.
What the report found:
- 85 percent of the value of claims analyzed involved losses from external incidents such as distributed denial-of service attacks, or phishing and ransomware campaigns. Approximately 9 percent came from malicious internal actions – infrequent but costly violations.
- 54 percent of claims resulted from accidental internal incidents such as employee errors during the daily course of business, IT or platform outages, systems and software migration problems or loss of data.
Catharina Richter, Global Head of AGCS’s Allianz Cyber Center of Competence, said the results show that companies should pay attention to system failures and human cyber-related errors as much as the more costly external threats such as phishing and DDoS attacks.
“Although cyber crime generates the headlines, everyday systems failures, IT outages and human error incidents can also cause problems for companies, even if their financial impact is not, on average as severe,” Richter said in prepared remarks. “Employers and employees must work together to raise awareness and increase cyber resilience.”
AGCS said the number of cyber insurance claims it has been notified of grew from 77 in 2016, when cyber was a relatively new line of insurance, to 809 in 2019. In 2020, AGCS has already seen 770 claims in the first three quarters. Growth in the global insurance market is driving this in part, the specialty insurer said, adding that the average cost of a cybercrime to an organization has grown to $13 million over five years. Along side this, there has been a 60 percent increase in the average number of security breaches, AGCS said.
Business interruption is the main cost driver behind cyber losses, accounting for around 60 percent of the value of all claims analyzed, AGCS said, followed by costs involved with dealing with data breaches.
The full report is “Managing The Impact of Increasing Interconnectivity – Trends in Cyber Risk.” Study authors analyzed 1,736 cyber-related insurance claims worth $ 770 million involving AGCS and other insurers from 2015 to 2020.