Businesses must get ready for a new generation of cyber risks, which are fast evolving beyond the established threats of data breaches, privacy issues and reputational damage to operational damage, business interruption and even potentially catastrophic losses, warns a major insurer.
A newly-published report – issued by Allianz Global Corporate & Specialty (AGCS) and entitled A Guide to Cyber Risk: Managing the Impact of Increasing Interconnectivity – examines current trends in cyber risk and emerging perils worldwide.
The insurer reports that cyber risk is a major and fast-increasing threat to businesses with cyber-crime alone costing the global economy approximately US$445bn a year; the world’s largest 10 economies accounting for half this total. In the UK, the cost of cyber-crime as a percentage of GDP is .16%, with an estimated cost of $4.3bn (£2.8bn).
“As recently as 15 years ago, cyber-attacks were fairly rudimentary and typically the work of hacktivists, but with increasing interconnectivity, globalisation and the commercialization of cyber-crime there has been an explosion in both frequency and severity of cyber-attacks,” said AGCS chief executive Chris Fischer Hirs.
“Cyber insurance is no replacement for robust IT security but it creates a second line of defence to mitigate cyber incidents. AGCS is seeing increasing demand for these services, and we are committed to working with our clients to better understand and respond to growing cyber risk exposures.”
The company predicts that increasing awareness of cyber exposures and regulatory change will propel the future rapid growth of cyber insurance. “Growth in the US is already underway as data protection regulations help focus minds, while legislative developments and increasing levels of liability will see growth accelerate in the rest of the world,” says Nigel Pearson, who oversees cyber insurance at AGCS.
“There is a general trend towards tougher data protection regimes, backed with the threat of significant fines in the event of a breach.”
The insurer notes that Hong Kong, Singapore and Australia are among those looking at, or already enforcing, new laws and the European Union is looking to agree pan-European data protection rules. Tougher guidelines on a country-by-country basis can be expected.
Previously, attention has largely been focused on the threat of corporate data breaches and privacy concerns, but the new generation of cyber risk is more complex: future threats will come from intellectual property theft, cyber extortion and the impact of business interruption (BI) following a cyber-attack or from operational or technical failure; a risk which is often underestimated.
“Awareness of BI risks and insurance related to cyber and technology is increasing,” said Georgi Pachov, cyber expert in AGCS’s global property underwriting team. “Within the next five to 10 years BI will be seen as a key risk and a major element of the cyber insurance landscape,”
In the context of cyber and IT risks, BI cover can be very broad including business IT computer systems, but also extending to industrial control systems (ICS) used by energy companies or robots used in manufacturing.