Given cyber crime incidents are now estimated to cost the world economy in excess of $1trn a year –around 1% of global GDP – it is no surprise that cyber risk regularly ranks as a top customer concern in the Allianz Risk Barometer, our annual survey identifying the top business risks around the world (including finishing #1 in the 2022 edition). Indeed, AGCS’ own insurance industry claims analysis shows that external attacks are responsible for more than 80% of the value of the 3,000 cyber‑related claims we have been involved with over the past five years around the globe.

This report highlights some of the main cyber risk trends we see from an underwriting, risk consulting and claims perspective, such as the growing cost of ransomware attacks – which has been the major loss driver in recent years, the targeting of more smaller‑sized companies by hackers, the increasing frequency and sophistication of business email compromise attacks in the ‘Zoom and deep fake era’, as well as the impact of wider geopolitical tensions.

Our analysis shows that business interruption is the main cost driver in more than 50% of all cyber claims we participate in, and the report also highlights some of the major exposures that can result in large loss activity for companies. Of course, almost any cyber incident can also lead to litigation or demands for compensation from affected customers, suppliers and data breach victims, and elsewhere we look at the continuing evolution of third‑party liability exposures, and how cyber security is increasingly seen as an environmental, social, and governance (ESG) issue. We also examine how a talent shortage is hindering efforts to improve cyber security.

The good news is that we are now seeing a very different conversation on the quality of cyber risk than we were a few years ago and are therefore gaining much better insights as the cyber insurance market matures. Insurers have a role that goes beyond pure risk transfer, helping clients adapt to the changing risk landscape and raising their protection levels. The more we can partner with our clients the more losses will hopefully reduce in future.

AGCS has published a  checklist with recommendations for effective cyber risk management. “In around 80% of ransomware incidents losses could have been avoided if the organizations had followed best practices. Regular patching, multi-factor authentication, as well as information security and awareness training and incident response planning are essential to avoiding ransomware attacks and also constitute good cyber hygiene,” says Rishi Baviskar, Global Cyber Experts Leader, Risk Consulting, AGCS. “If companies adhere to best practice recommendations there is a good chance that they will not become ransomware victims. Numerous security gaps can be closed, often with simple measures.”