Cyber attacks and extortion claims have resurged this year, with ransomware victim numbers up 143% globally during the first quarter, Allianz Commercial says.

January and February saw the highest number of hack and leak cases in three years. 

Early detection and effective response will be key to ensuring a sustainable insurance market going forward, a new Allianz Commercial report says. 

"Traditional cyber security has focused on prevention. There will always be a gap remaining that will enable attacks to get through,” Global Head of Cyber Risk Consulting Rishi Baviskar said.

Allianz says early detection technology is readily available and effective, and can “stop a $20,000 loss turning into a $20 million one”. 

"Detection systems are constantly improving and can save lots of pain. This is something we look for in our cyber risk assessments and underwriting," Mr Baviskar said.

Ransomware is the single largest cause of cyber insurance claims “by some distance,” and Global Head of the Cyber Center of Competence Scott Sayce says a 25% increase in the number of cyber claims annually is likely by year-end. 

“The attackers are back with more powerful tools, enhanced processes, and attack mechanisms,” he said. 

“A well-protected company is necessary to stand up to the threat and, increasingly, the most important element of this is developing strong detection and fast response capabilities." 

Ransomware and extortion-based attacks account for more than 80% of claims from standalone cyber policies, and business interruption makes up 50% of all cyber-related losses by value. Manufacturing is the most targeted industry. 

Attackers have turned to data exfiltration and mass cyberattacks such as MOVEit, which affected over a thousand companies earlier this year and cost many billions from restoration costs, business interruption and third-party liability. It affected multiple policyholders simultaneously. 

That attack contributed to the worldwide increase in the frequency of claims in 2023, and Allianz says more sophisticated attacks and inflation are increasing the cost of large cyber losses.

The proportion of cases in which data is exfiltrated increased to 77% in 2022, from 40% in 2019, and Allianz says 2023 is on course to surpass this. Regional Practice Leader Cyber Insurance Jens Krickhahn says data exfiltration can “take the potential claim value to a completely new dimension”. 

"Not only do these claims take longer to settle, but the impact of a data exfiltration claim can also climb dramatically with litigation and regulatory investigations, while legal and IT forensics costs can be extremely expensive.

“If data has been stolen, you must know exactly what data has been exfiltrated, and you may have to notify your customers, who could claim compensation or threaten litigation,” Mr Krickhahn said. 

Companies are 2.5 times more likely to pay a ransom in cases where data has been exfiltrated and the proportion of companies paying a ransom has jumped from 10% in 2019 to 54% in 2022.

“With data exfiltration, you can attack a standard manufacturing company with many different clients. If you can get data on these clients as well, the criminals can demand money from them also, and that is what we have seen in some claims now,” Mr Krickhahn said.

Mass ransomware attacks are a potential “gamechanger” for the insurance industry, as they trigger multiple claims simultaneously, he says.

“This year we had our first event case, with 40 policies triggered at the same time. From a claims management side that creates a completely new scenario, as you are in contact with multiple insureds at the same time, on the same topic, with different service providers and vendors. The once theoretical risk of an accumulation exposure is now reality.

“A similar successful attack against a larger IT vendor or data centre provider could have a global effect and a huge impact on the insurance industry.

“Many insurers will no doubt look at their exposure to different industries and sectors more carefully, and will need to consider capacity management, as well as coverage. Knowing that many companies are reliant on a single vendor, an insurer may need to consider solutions – such as aggregation clauses – just to manage the exposure.” 

Allianz says modelling accumulation of cyber risk is challenging because the interdependencies between insureds and their vendors is difficult to qualify and track. 

“It’s almost like we are underwriting many risks, not just the insured. We are looking at all their vendors and suppliers and need to understand the interdependencies in our portfolio.”

In July, Allianz Commercial commenced operations in Australia led by MD Phuong Ly after the insurer combined some businesses and introduced a new structure with 11 new regions, each led by a separate MD.

See the report here.