AIG EMEA 2017 cyber claims as high as 4 previous years combined

Amercian International Group (AIG) EMEA saw cyber claims go up significantly in 2017, reaching a total as high as in the previous four years combined, driven by ransomware attacks and cyber business interruption.

Ransomware remains the top cause of loss for cyber claims (the key impact being business interruption), reflecting an increased incidence of such attacks worldwide, according to the AIG report titled “Cyber insurance claims: Ransomware disrupts business”.

AIG’s claims statistics show that over a quarter of cyber claims (26 percent) received in 2017 had ransomware as the primary cause of loss, a significant leap from 16 percent of claims in the years 2013-2016.

“In 2017 we saw a series of sophisticated, systemic malware and ransomware attacks, including WannaCry and NotPetya,” said Mark Camillo, head of cyber for EMEA at AIG. “The resulting business interruption was a significant issue for many European organisations – much of the financial impact was a balance sheet loss. While ransom payments only generated around $150,000, total economic losses associated with WannaCry are estimated at $8 billion, with half a billion dollars attributed to direct costs and indirect business disruption. The majority of these losses were underinsured,” Camillo noted.

After ransomware, data breach by hackers, other security failure/unauthorised access and impersonation fraud were the other main breach types. While the proportion of claims caused by employee negligence reduced marginally to 7 percent in 2017, human error continues to be a significant factor in the majority of cyber claims, the report says.

Professional services, financial services and retail are at the top of the list when it comes to cyber claims, but incidents are spreading more broadly among a range of sectors, indicating that no industry is immune to cyberattack, according to the report.

The take-up of cyber insurance grew substantially in the wake of a wave of systemic ransomware and distributed denial of service (DDoS) attacks. This in itself is likely to contribute to greater claims frequency going forward.

“We’re seeing a lot more interest now from non-traditional buyers of cyber insurance, so can expect an increase year-over-year in the number of claims, just based on the growth of the premium,” says Camillo.

AIG Europe also expects a further surge in data breach and other security failure insurance claims after the EU General Data Protection Regulations (GDPR) come into force on May 25.

“The arrival of GDPR will become another tool for negotiation by extortionists,” Camillo says. “They will threaten to compromise an organisation’s data unless a payment is received, knowing that the consequences could be more significant under the new regime. Companies will be more inclined to report breaches, leading to an increased impact on the volume of cyber claims. This was seen in the US after state breach notification laws came into effect and where nearly every high-profile cyber breach is met with at least one class action lawsuit.”

The report shows that no sector is immune to cyber-attack. In 2017, cyber claim notifications were made by insureds in eight sectors that had previously not featured at all in AIG’s cyber claims statistics. Professional and financial services topped the list, with professional services showing a significant increase in its proportion of overall claims (up to 18 percent from 6 percent in 2013-2016).

Camillo said: “There is a continuing trend, whereby a larger number of notifications each year are coming from an increasingly broad range of industry sectors and not just those traditionally associated with cyber risk. This reflects the fact that many of the recent ransomware attacks have been indiscriminate in terms of which industry they hit.

Nevertheless, professional services have become more of a target. Solicitors and accountants with large databases of clients are attractive to cyber-criminals because of the quality of the data they hold and are vulnerable to cybercrimes that target regular financial transactions.

“However, whatever their size or sector, organisations operating in today’s interconnected and increasingly digital world are becoming more attuned to the risk and aware of how good cyber hygiene, combined with cyber insurance, can play an important part in mitigating potentially dire financial consequences,” Camillo says.

Make sure you are GDPR compliant and  confirm your email address to keep getting our daily emails

More of today's news

GE seeking to shed troubled insurance business: Reuters

Farmers appoints new personal lines president

Assured Guaranty files lawsuit against Puerto Rico

Canopius appoints reinsurance Europe head from Emirates Re

QBE expands inland marine with new product in North America

UNIQA CEO named Insurance Europe president

Don't miss our insurtech email newsletter - sign up today