In an interview with Help Net Security, Michael Daum, the Head of Global Cyber Claims at Allianz Commercial, shed light on the significant increase in cyber claims in 2024. This surge is primarily driven by a rise in data breaches and ransomware attacks, emphasizing the need for businesses to prioritize cyber hygiene practices and align their risk management strategies with insurers’ expectations.
The upward trend in cyber claims over the past year is largely attributed to a spike in data and privacy breach incidents. One notable trend is the escalation of ransomware attacks, including data exfiltration, as attackers adapt their tactics and exploit the growing interconnectedness between organizations handling vast amounts of personal data. Furthermore, the evolving regulatory and legal landscape has led to a rise in ‘non-attack’ data privacy-related class action lawsuits, stemming from incidents like wrongful collection and processing of personal data.
As cyber threats become more sophisticated and interconnected, insurers are emphasizing the importance of modeling to assess risks beyond just the insured entity, considering the extended network, cloud services, software providers, and digital dependencies.
Ransomware remains a prevalent cause of cyber insurance losses, with a significant portion of large cyber claims attributed to it. Advancements in cybersecurity and backup strategies have enabled companies to better withstand ransomware attacks, but the threat persists: Allianz Commercial reports a considerable increase in the number of incidents.
In contrast, the rise in ‘non-attack’ data privacy claims signifies a shift driven by technological advancements, the increased commercial value of personal data, and evolving regulatory frameworks. These claims, particularly prevalent in the US, involve class action litigation against large corporations for privacy violations, often resulting in substantial financial repercussions.
To manage the escalating costs associated with data breaches, regulatory fines, and litigation, companies are advised to prioritize good cyber hygiene practices, such as robust access controls, database segregation, backups, patching, and regular training. Early detection and response capabilities play a crucial role in mitigating breaches effectively, with AI emerging as a valuable tool in automating tasks and reducing the financial impact of data breach claims.
As more organizations invest in cyber insurance, aligning internal cyber risk management practices with insurers’ expectations is essential to reduce premiums and claim risks. Implementing a risk-based approach to data protection, limiting access, applying encryption, and monitoring for third parties are crucial strategies, along with securing sensitive private data with the highest level of cybersecurity measures.
Looking ahead, the evolution of cyber insurance to encompass ‘non-attack’ events underscores the need for the insurance industry to offer proactive loss prevention and mitigation advice to businesses. The comprehensive coverage provided by cyber insurance extends beyond financial compensation to help companies justify cybersecurity investments and prioritize effective risk mitigation measures.
As the cyber threat landscape continues to evolve, businesses must remain vigilant and proactive in their approach to cybersecurity to mitigate risks and protect against potential financial losses associated with cyber incidents. Aligning with insurers’ expectations and implementing robust data protection measures are essential steps in safeguarding against the growing complexities of cyber risks in the digital age.
