The worldwide impact of cybercrime on business is predicted to balloon to $10.5 trillion by 2025, but boardroom focus on cyber risk appears to be diminishing, according to a Beazley risk and reliance report.

“The perceived threat of cyber risk to global business leaders peaked in 2021 (34 percent), and over the past two years, the risk perception has dropped,” said Beazley in a statement accompanying the report. “In 2024, it is predicted to remain at 27 percent whilst business preparedness for this risk continues to decline.”

Beazley’s report is based on the findings of a survey conducted with 2,000 business leaders and business insurance buyers at the beginning of the year. Participants were asked about their views on insurers, insurance and various risks.

“Business leaders are finding it a struggle to keep up with the constantly evolving cyber threat,” said Paul Bantick, group head of cyber risks at Beazley. “But worryingly, they appear less concerned by cyber risk than a couple of years ago. This could be because they have been lulled into a false sense of security as the war in Ukraine led to a temporary reduction in the ransomware threat level when a number of cyber gangs splintered, but this situation is only temporary and should not be viewed as the new normal.”

Just 27 percent of global business leaders cite cybercrime risk as their top area of concern. Despite the perception of cyber risk reducing, perceived resilience has not strengthened but has fallen to 74 percent from 80 percent last year.

“The perception that the worst is over, that businesses are immune or have at least built up a tolerance to the most extreme effects, does not match the reality,” Bantick said.

He added that cybercrime, particularly ransomware, is a high growth industry and a lucrative business. He said the barriers to entry are getting lower, and “the advent of new technology has also provided further opportunities for cybercriminals’ growth models and, as they hone their techniques and attack methods, they are becoming increasingly sophisticated and efficient.”

Disruptive Tech Concerns Rising

“As cyber fears decrease, the technological risk landscape has fragmented, with executives nearly as concerned about the perceived threat posed by disruptive new technologies, such as AI, as the risk of cybercrime,” according to Beazley in the press statement.

Nearly a quarter of business leaders rank intellectual property theft as their top risk in 2023 — more than double what it was in 2021 (11 percent). More than one in four businesses report they feel ill-equipped to mitigate this risk.

Beazley found that failing to keep pace with technology and adapting to new innovations is an issue that 26 percent of global business leaders identified as their key technological concern. Resilience to this threat, however, is on the decline, and 21 percent of all businesses feel they cannot maintain the pace of change.

Beazley reports that AI’s “transformative potential is undeniable.” With that comes a new set of cyber challenges that potentially enable threat actors to operate at a greater scale or offer novice cybercriminals easy access to sophisticated code targeted at specific organizations, the report said.

SMEs Feel More Exposed

Small and medium-size businesses are increasingly aware of their limited ability to mitigate cybercrime threats — and Beazley’s data suggests they feel more exposed than ever. Companies with an annual revenue of between $250,000 and $1 million report feeling less prepared to deal with cyber risks in 2023 (76 percent) than they did in 2022 (70 percent).

Beazley also found that small businesses believe that their cyber risk will fall in the future. These businesses predict that their operating environment will become more secure in the coming months, with those projecting that they will be operating in a high-risk environment dropping from 33 percent to 30 percent.

“This perception would seem to rely on SMEs evolving their businesses while cybercriminals’ approaches remain static,” the report reads. “Unfortunately, for businesses of all sizes, this is not the case.”

Beazley reports that cybercrime groups are also becoming more specialized and diversified, and SMEs, which often have fewer resources and less robust IT security, provide a training ground for new cyber criminals to learn their trade.

Insurance’s Role

Beazley’s report concludes with the message that in recent years, the value of cyber insurance “has been proven beyond doubt.”

“The insurance industry has been called upon to respond to an avalanche of incidents and paid out billions in ransomware claims alone,” the report reads. “That is what we are here to do. However, for the cyber insurance market to grow, it must recognize that certain risks are too big to cover, that their impact is of sufficient scale to be considered systemic and catastrophic. These risks are few, but they do exist.”

The report names cyber war as one of those risks. Beazley reports those potential losses are only increasing. As the wording of war exclusions evolves to reflect the reality on the ground, then a new cyber war market is evolving to furnish some of the demand, the report said.

“The evolution of technology is making more and more businesses feel exposed,” the report reads. “Insurers must ensure that they are evolving as partners. That we are supporting businesses as they embrace new innovations, jolting them from their reverie when they believe a clear threat has dissipated and working to create new solutions as risks compound and their potential impact grows.”

Read the report on the Beazley website.