Global costs of cyber crime are expected to surge within the next five years, rising from an estimated $11 trillion in 2023 to nearly $24 trillion by 2027, according to the latest cyber insurance risks and trends report released by Munich Re last week.
Ransomware will continue to dominate the leading causes of cyber insurance losses this year, as has been the case since 2020.
The report, Munich Re’s Cyber Insurance Risks & Trends 2023, found emerging trends in ransomware attacks include data destruction rather than encryption, the pretense of data theft as a new successful form of extortion, and a concentration of ransomware attacks on cloud infrastructure. Attacks will be completed with greater precision due to cyber criminals’ expertise and sophisticated methods.
Since cyber criminals are expected to tap key technology trends such as artificial intelligence like ChatGPT, the so-called “metaverse” and the expanding worlds of IT, Internet of Things (IoT) and operational technology (OT), the threat to private businesses and public infrastructures is only expected to grow.
As attacks become more sophisticated and a significant shortage in the cybersecurity talent pool remains, businesses and governmental entities will need to stay vigilant. “Our cyber and risk management experts predict that this shortage of talent, increasingly complex systems and digital infrastructures, the growing impact of geopolitics on cyber risk, as well as established cyber hazards, will result in a turbulent threat landscape for 2023 and beyond,” stated the report.
Even with the best cybersecurity systems and personnel in place, individual employees remain the best line of defense — even as they remain an encumbrance to cybersecurity. As a result, phishing, social engineering and business email compromise (BEC) schemes are likely to remain favored vehicles for attack, according to Munich Re findings.
Geopolitical Risks Will Drive Cyber Losses
Globally, organizations are facing greater exposure to geopolitical conflicts, and coupled with the growing sophistication of cyber crime, cybersecurity risks will only increase.
Geopolitical risks from the Russian invasion of Ukraine, along with global powers jockeying for position, will be key drivers of cyber insecurity and will make a systemic, catastrophic cyber event more likely, the report stated.
The targeting of critical infrastructure, intellectual property or processes like governmental elections, taking place in around 70 countries, will be part of these geopolitical cyber risks, Munich Re noted.
Some nation states will increasingly dedicate resources to cyber research and development, for example, to find and exploit zero-day vulnerabilities, the analysis found.
The advanced targeting of satellite technologies, disinformation and destabilization efforts through the use of machine learning, AI, deep fakes, chatbots, social media and other digital channels will increase. This will create an unprecedented threat to societies and governments.
If those tactics are adopted by “commercial cyber crime actors,” it could create an unprecedented threat to society and governments, noted the report.
While cyber warfare remains an uninsurable risk, Munich Re suggests revisions to existing exclusionary policy language. “These revisions will add more clarity and transparency for all market participants. In order to better prepare society and the economy for cyber warfare scenarios,” the report stated.
Due to bottlenecks and systematic risk targets, such as cloud services, the findings suggest supply chains will remain the preferred target for attacks in the coming year.
In an increasingly digitized world, the demand for cyber insurance will continue to grow, according to Munich Re, and facilitating a sustainable cyber insurance market remains a key task for the insurance industry.