According to a new report, businesses must prepare for a new generation of cyber crime, moving beyond the established threats of data breaches, privacy issues and reputational damage to operational damage, business interruption and even potentially catastrophic losses.
“As recently as 15 years ago, cyber attacks were fairly rudimentary and typically the work of hacktivists, but with increasing interconnectivity, globalisation and the commercialisation of cybercrime there has been an explosion in both frequency and severity of cyber attacks,” says AGCS CEO Chris Fischer Hirs in “A Guide to Cyber Risk: Managing The Impact of Increasing Interconnectivity” – from Allianz Global Corporate & Specialty (AGCS).
“Cyber insurance is no replacement for robust IT security but it creates a second line of defence to mitigate cyber incidents. AGCS is seeing increasing demand for these services, and we are committed to working with our clients to better understand and respond to growing cyber risk exposures.”
With fewer than 10% of companies currently purchasing cyber-specific policies, AGCS forecasts that cyber insurance premiums will grow globally from $2 billion per annum today to over $20 billion over the next decade, fuelled by regulatory changes and increasing awareness of cyber exposures.
“Growth in the US is already underway as data protection regulations help focus minds, while legislative developments and increasing levels of liability will see growth accelerate in the rest of the world,” says Nigel Pearson, who is globally responsible for cyber insurance at AGCS.
“There is a general trend towards tougher data protection regimes, backed with the threat of significant fines in the event of a breach.” Hong Kong, Singapore and Australia are among those looking at, or already enforcing, new laws and the European Union is looking to agree pan-European data protection rules. Tougher guidelines on a country-by-country basis can be expected.
Previously, attention has largely been focused on the threat of corporate data breaches and privacy concerns, but the new generation of cyber risk is more complex: future threats will come from intellectual property theft, cyber extortion and the impact of business interruption (BI) following a cyber attack or from operational or technical failure; a risk which is often underestimated.
Increasing interconnectivity of everyday devices and growing reliance on technology and real-time data at personal and corporate levels, known as the Internet of Things, creates further vulnerabilities. While there have been some very large data breaches, the prospect of a catastrophic loss is becoming more likely, but exactly what it will look like is difficult to predict.
Scenarios include a successful attack on the core infrastructure of the internet, a major data breach or a network outage for a cloud service provider, while a major cyber attack involving an energy or utility company could result in significant outage of services, physical damage or even loss of life in future.