EMEA cyber claims escalate in 2017: AIG
AIG’s EMEA division dealt with as many cyber claims in 2017 as the previous four years combined, partly driven by increased claims frequency, according to new figures. The unit said specialist claims staff handled the equivalent of one cyber insurance claim for every working day last year.
Ransomware was found to be the major loss driver. It accounted for 26% of cyber claims last year at AIG EMEA, up from 16% in 2016. Data breach by hackers accounted for 12% of cyber claims, followed by other security failures or unauthorised access on 11%.
Mark Camillo, head of cyber for EMEA at AIG, said: “In 2017 we saw a series of sophisticated, systemic malware and ransomware attacks, including WannaCry and NotPetya. The resulting business interruption was a significant issue for many European organisations – much of the financial impact was a balance sheet loss.”
He said ransom payments from WannaCry only totalled about $150,000 but total economic losses associated with the attack are nearer $8bn.
Professional and financial services suffered the most cyber claims in 2017, each representing 18% of total AIG EMEA claims. This marks a fall for financial services, down from 23% between 2013 and 2016, but an increase for professional services, up from 6% between 2013 and 2016. AIG said professionals, including accountants and solicitors, are attractive to cybercriminals because of the data they hold and their access to large financial transactions.
Mr Camillo said no sector is immune to cyberattacks. “A larger number of notifications each year are coming from an increasingly broad range of industry sectors and not just those traditionally associated with cyber risk. This reflects the fact that many of the recent ransomware attacks have been indiscriminate in terms of which industry they hit,” he explained.
AIG said the EU’s General Data Protection Regulation (GDPR) is expected to trigger a further surge in data breach and security failure claims. At the same time, AIG said cybercriminals will use the GDPR against companies, threatening to compromise firms’ data unless a payment is made.
“Companies will be more inclined to report breaches, leading to an increased impact on the volume of cyber claims. This was seen in the US after state breach notification laws came into effect and where nearly every high-profile cyber breach is met with at least one class action lawsuit,” Mr Camillo said.
