Cyber: The changing threat landscape
Risk trends, responses and the outlook for insurance
This report highlights some of the main cyber risk trends we see from an underwriting, risk consulting and claims perspective, such as the growing cost of ransomware attacks – which has been the major loss driver in recent years, the targeting of more smaller‑sized companies by hackers, the increasing frequency and sophistication of business email compromise attacks in the ‘Zoom and deep fake era’, as well as the impact of wider geopolitical tensions.
Our analysis shows that business interruption is the main cost driver in more than 50% of all cyber claims we participate in, and the report also highlights some of the major exposures that can result in large loss activity for companies. Of course, almost any cyber incident can also lead to litigation or demands for compensation from affected customers, suppliers and data breach victims, and elsewhere we look at the continuing evolution of third‑party liability exposures, and how cyber security is increasingly seen as an environmental, social, and governance (ESG) issue. We also examine how a talent shortage is hindering efforts to improve cyber security.
In response to the challenging loss environment of recent years, the insurance industry is more diligently assessing clients’ cyber risk profiles and clarifying coverage areas in a bid to incentivize companies to improve cyber security and risk management controls.
Our experience shows a number of companies still need to improve their frequency of IT security training, cyber incident response plans and cyber security governance. Incident response is critical as the cost of a claim quickly escalates once business interruption kicks in.
It is clear that organizations with good cyber maturity are better equipped to deal with incidents. It is not typical for us to see companies with strong cyber maturity and security mechanisms suffer a high frequency of ‘successful’ attacks. Even where they are attacked, losses are usually less severe.
What does good IT security look like?
What are the latest cyber risk trends?
Cyber safety is essential for businesses to protect themselves from these attacks and the financial losses they can cause. The latest cyber risk trends are constantly evolving, but some of the most important threats and security issues to watch out for include:
- Ransomware: The growing cost of ransomware attacks is a serious threat to businesses of all sizes.
- Business email Compromise incidents: Incidents of this kind are more frequent and will increase further in the 'deep fake' era.
- Supply chain attacks: Attackers are increasingly targeting the supply chains of businesses, as this can give them access to sensitive data and systems.
- Data breaches: Data breaches are another major cyber risk, and they can lead to financial losses, reputational damage, and regulatory fines.
- IoT security: The increasing number of connected devices is creating new security challenges, as these devices are often more vulnerable to attack than traditional IT systems.
- AI-powered attacks: Artificial intelligence (AI) is being used to create more sophisticated and targeted cyberattacks.