AIG's Mark Camillo on how GDPR is driving the European cyber market
Need to know
- Ransomware is the primary cause of loss in more than one in four cyber claims
- The majority of business interruption losses resulting from hacks are underinsured
- Extortionists can threaten to compromise a company’s data, knowing how much GDPR fines may cost
- When notified, cyber breaches are often met with class action lawsuits
- Cyber attacks affect an increasingly broad range of industry sectors
The General Data Protection Regulation is driving a surge in the European cyber insurance market, explains Mark Camillo, head of cyber for Europe, Middle East and Africa at AIG.
Not so long ago, cyber insurance was essentially a niche product, but in the past five years there has been a considerable increase in demand, especially in Europe.
To give some idea of the size of that increase, at the end of 2014, Europe represented just 5% of AIG’s global cyber portfolio. In the following three years, that figure rose to around 25%. In the first half of 2018, there has been a 50% increase in demand for cyber insurance in Europe compared to last year.
Claims are rising too: 2017 was a record-breaking year, with as many cyber claim notifications as in the previous four years combined, the equivalent of one per working day.
More than a quarter of cyber claims (26%) received in 2017 had ransomware as the primary cause of loss – up from 16% – according to AIG’s latest cyber claims report. This is unsurprising when you think that last year there were a series of sophisticated, systemic malware and ransomware attacks, including Wannacry and Notpetya.
The resulting business interruption was a significant issue for many European organisations – much of the financial impact was a balance sheet loss. While ransom payments only generated around $150,000, total economic losses associated with Wannacry are estimated at $8bn (£6bn), with half a billion dollars attributed to direct costs and indirect business disruption. The majority of these losses were underinsured.
A further increase in data breach and other security failure insurance claims is expected as a result of the General Data Protection Regulation, which will become another tool in the hands of extortionists. They will threaten to compromise an organisation’s data unless a payment is received, knowing that the consequences will be more significant under the new regime.
Companies will be more inclined to report breaches, with an increased impact on the volume of cyber claims as seen in the US after state breach notification laws came into effect. GDPR will also lead to more shareholder lawsuits against companies and their directors in the future. The US has had strict notification requirements for a number of years, and nearly every high-profile cyber breach is met with at least one class action lawsuit.
All businesses need to be prepared; no sector is immune to cyber attack. In 2017, cyber claims notifications were made by insureds in eight sectors that had previously not featured at all in AIG’s cyber claims statistics. This is a continuing trend, whereby a larger number of notifications each year come from an increasingly broad range of industry sectors, and not just those traditionally associated with cyber risk. This reflects the fact that many of the recent ransomware attacks have been indiscriminate in terms of which industry they hit.
For many businesses, it is now a question of ‘when’ rather than ‘if’ they will be victim of a cyber attack. To become cyber-resilient, organisations need to prepare – practise their response, implement a robust cyber risk strategy and ensure they are indemnified for the full range of cyber exposures, including network interruption.
Further reading
Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.
To access these options, along with all other subscription benefits, please contact info@postonline.co.uk or view our subscription options here: http://subscriptions.postonline.co.uk/subscribe
You are currently unable to print this content. Please contact info@postonline.co.uk to find out more.
You are currently unable to copy this content. Please contact info@postonline.co.uk to find out more.
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. Printing this content is for the sole use of the Authorised User (named subscriber), as outlined in our terms and conditions - https://www.infopro-insight.com/terms-conditions/insight-subscriptions/
If you would like to purchase additional rights please email info@postonline.co.uk
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. Copying this content is for the sole use of the Authorised User (named subscriber), as outlined in our terms and conditions - https://www.infopro-insight.com/terms-conditions/insight-subscriptions/
If you would like to purchase additional rights please email info@postonline.co.uk
Most read
- Covéa shrinks staff numbers by almost a third amid further losses
- DLG or Esure – which Peter Wood baby is most likely to bounce back?
- Aviva CEO warns home insurance premiums need to go up