February ITL Focus: Cyber

ITL FOCUS is a monthly initiative featuring topics related to innovation in risk management and insurance.

Cyber Focus Header


How bad has the cybersecurity issue become? Well, The Economist, not known for hysteria, published a story in late December with the headline, "How ransomware could cripple countries, not just companies."

The magazine noted that the British Library, one of the most important in the world, had been hacked in October. The data for its catalog of 14 million books, used by researchers around the globe, was encrypted, and the hackers demanded a ransom. The library declined to pay and has only gradually been able to restore its services.  

The Economist article said that, while ransomware has largely been a Western problem, "it is spreading globally. America, Australia, Britain, Canada and Germany are the most affected countries, but Brazil and India are not far behind them. Victims span the public and private sectors—in recent weeks attacks have hit an Italian cloud-service provider that hosts government data, Germany’s energy agency and a Chinese bank in New York, among others. An attack on Christmas Eve disrupted emergency care at a German hospital network, and attacks on the education sector are rising. This adds up to a slow-burning but serious national-security crisis. 

"'It is the one serious organised crime that could bring the country to a standstill,' warned Graeme Biggar, the director of Britain’s National Crime Agency, recently....

"After a lull in 2022, caused in part by a split between Russian and Ukrainian hackers, ransomware attacks are back at their peak."

Some of the statistics and observations in the article are startling:

--The average ransom payment jumped from $800,000 in 2022 to more than $1.5 million in the first quarter of 2023.
--Ransom payments in the first half of 2023 totaled $449 million, 80% of the total for all of 2022 – and the article says the numbers "might reflect just the top of the problem."
--"The cost of buying a credential, such as an employee’s log-in details for a company network, was typically less than $100, with some going for as little as a dollar," the article says. 
--"The median 'dwell time'—the time between an attacker getting access to a network and executing their ransomware—has fallen from 5.5 days in 2021, to 4.5 days in 2022 and to just under 24 hours in 2023, according to Secureworks. In a tenth of cases, ransomware was deployed within five hours of the initial intrusion," according to The Economist/
--"Some research shows that 80% of organisations that pay up get hit again and that 29% of victims of data extortion end up with data leaked anyway," the article says.
--"Technology is giving a fresh boost to attackers. Generative artificial-intelligence
tools like ChatGPT are helping improve everything from the quality of English in phishing emails to the potency of malware.... The online forums used by cyber-criminals already have dedicated AI sections," The Economist writes.
--Hackers are increasingly "exfiltrating" data. Rather than encrypt a target's data – whch can be difficult – they transfer the data into their systems. They threaten to publish it or use it in some harmful way if ransom isn't paid. They create pressure not just on the target but on any customer, supplier or partner whose data they now possess. Hackers can even now target senior executives, such as the CEO, if they've scooped up any embarrassing internal documents.

Tackling the cybersecurity problem has proved difficult, to say the least. It's not just that hackers have become very sophisticated and that the costs of mounting attacks have come way down, letting criminals take a shotgun approach as they look for victims. It's also that hackers tend to work from rogue nations such as Russia and North Korea, where they are beyond the reach of traditional law enforcement. The U.S. government has registered some successes using counterespionage tactics to take down hackers' networks and enjoy an odd advantage that they don't have against many criminal groups: Hackers need to have some sort of public presence in the form of a brand so victims who pay ransoms will believe that the hackers will do as they promise after being paid, and authorities can attack that online presence. Still, the problem is growing faster than authorities can contain it.

That's where insurers come in. Customers, too.

Everyone agrees that the best way to prevent cyber attacks is to harden the targets. Insurers, as they've learned to quantify and price risks, have developed considerable expertise on where the vulnerabilities are, and thus how to reduce them. Customers have great incentive to listen.

To learn more about what insurers can do, I spoke for this month's ITL Focus with Scott Sayce, global head of cyber at Allianz Global Corporate & Specialty and group head of the Cyber Centre of Competence.

He says the key is to never believe that something is set and done. "Once we feel we have solutions, there's always a new way for hackers," he says. "I've been involved with cyber insurance for almost 25 years, and I don't think I've ever used the phrase, 'We've got it nailed.'" 

He adds that he thinks cyber insurance has made enormous strides, going from what some considered "a bit of a fad many years ago" to a line that "will be larger than some of the traditional lines over the next 10 to 15 years." Sayce says cyber insurers have been building networks of services that have greatly helped customers understand and reduce their risks. He adds with pride, "Over the last four or five years, ferocious ransomware has hit so many organizations, and cyber insurance proved its worth with the volumes of claims that were paid."  

I think you'll find the interview interesting. I also commend to your attention the six articles I've selected for this month's Focus and encourage you to look through the whole library of articles in the cyber section at ITL. It's a very robust collection. I had an awfully hard time picking just six for the Focus email. 


The key to cybersecurity is to never believe something is set and done, says Scott Sayce, global head of cyber at Allianz Commercial. "Once we feel we have solutions, there's always a new way for hackers," he says. "I've been involved with cyber insurance for almost 25 years, and I don't think I've ever used the phrase, 'We've got it nailed.'"   

Read the Full Interview

"Ransomware certainly hasn't gone away. It continues to be at the forefront, not only in terms of how insurers are trying to help customers but in terms of the points they’re raising with us. It's a critical area that causes them sleepless nights. Those that take it seriously and have the right mentality and the right culture are best positioned to protect themselves, and insurance can help."

— Scott Sayce
Read the Full Interview



Risks, Trends, Challenges for Cyber Insurance

Cyber underwriters face a myriad of risks, emerging trends and formidable challenges in crafting robust policies.

Read More

The New Era of Ransomware

Organizations must understand the changes in cybercriminal business models and prioritize investments that limit financial loss.

Read More

Cybersecurity Turns Attention to IoT

While the focus has been on IT infrastructure, insurers and clients are realizing the IoT creates the biggest attack surface for hackers.

Read More

'Post-Quantum' Agility Is Critical

Insurers must keep up with the ever-changing nature of cyber threats -- and a new form of computing is causing concern.

Read More

Cyber Insurance at Inflection Point

What happens next will depend on how clearly underwriters, brokers and insurance buyers commit to building resilience.

Read More

Navigating the Vast Sea of Threat Intelligence

There is a way for companies to overcome the challenges and optimize the business value of their cyber threat intelligence investments.

Read More




Insurance Thought Leadership

Profile picture for user Insurance Thought Leadership

Insurance Thought Leadership

Insurance Thought Leadership (ITL) delivers engaging, informative articles from our global network of thought leaders and decision makers. Their insights are transforming the insurance and risk management marketplace through knowledge sharing, big ideas on a wide variety of topics, and lessons learned through real-life applications of innovative technology.

We also connect our network of authors and readers in ways that help them uncover opportunities and that lead to innovation and strategic advantage.


Read More