GDPR will drive up cyber claims, says AIG

A further surge in data breach and other security failure insurance claims is expected after the EU General Data Protection Regulations (GDPR) come into force this week. A record breaking year in 2017 had as many cyber claim notifications as in the previous four years combined, the equivalent of one per working day, according to research from AIG Europe.

AIG’s latest cyber claims report, released today, found that over a quarter of European cyber claims (26%) received in 2017 had ransomware as the primary cause of loss – up from 16%.

The main breach types are ransomware 26%; data breach by hackers 12%; impersonation fraud 9%; and other security failure/unauthorised access 11%.

While the proportion of claims caused by employee negligence fell marginally to 7% in 2017, human error continues to be a significant factor in the majority of cyber claims.
Mark Camillo, head of cyber for EMEA at AIG said: “In 2017 we saw a series of sophisticated, systemic malware and ransomware attacks, including WannaCry and NotPetya. The resulting business interruption was a significant issue for many European organisations – much of the financial impact was a balance sheet loss. While ransom payments only generated around $150,000, total economic losses associated with WannaCry are estimated at $8 billion, with half a billion dollars attributed to direct costs and indirect business disruption. The majority of these losses were underinsured.

“The arrival of GDPR will become another tool for negotiation by extortionists. They will threaten to compromise an organisation’s data unless a payment is received, knowing that the consequences could be more significant under the new regime. Companies will be more inclined to report breaches, leading to an increased impact on the volume of cyber claims. This was seen in the US after state breach notification laws came into effect and where nearly every high-profile cyber breach is met with at least one class action lawsuit.”

The report shows that no sector is immune to cyber attack. In 2017, cyber claim notifications were made by insureds in eight sectors that had previously not featured at all in AIG’s cyber claims statistics. Professional and financial services topped the list, with professional services showing a significant increase in its proportion of overall claims (up to 18% from 6% in 2013-2016).


Cyber claims by sector (Source: AIG Europe)

• Professional services 18%
• Financial services 18%
• Retail 12%
• Business services 10%
• Manufacturing 10%

    Share Story:

YOU MIGHT ALSO LIKE


COMMUNICATING IN A CRISIS
Deborah Ritchie speaks to Chief Inspector Tracy Mortimer of the Specialist Operations Planning Unit in Greater Manchester Police's Civil Contingencies and Resilience Unit; Inspector Darren Spurgeon, AtHoc lead at Greater Manchester Police; and Chris Ullah, Solutions Expert at BlackBerry AtHoc, and himself a former Police Superintendent. For more information click here

Modelling and measuring transition and physical risks
CIR's editor, Deborah Ritchie speaks with Giorgio Baldasarri, global head of the Analytical Innovation & Development Group at S&P Global Market Intelligence; and James McMahon, CEO of The Climate Service, a S&P Global company. April 2023