Cyber-insurance and the rising risks amid COVID
The COVID-19 outbreak continues to spread and disrupt lives, businesses, and economies worldwide, which forces organizations and individuals to embrace new practices of social distancing and remote working. While the world is focusing on the health and economic threats posed by the virus, cybercriminals are seizing the opportunity to increase their attacks.
Cyberthreats are increasing day by day, affecting both individuals and businesses. With the continuous lockdown policies and social distancing measures, individuals tend to increase the use of the internet and digital devices for their daily tasks, such as shopping, payments, and other transactions that were previously completed offline.
For organizations, cyber threats are mainly caused by work from home measures, which sees companies implementing customer-facing networks and employee access technologies for their workforce. Although several cybersecurity efforts were carried out, the organizations’ unpreparedness can still lead to cybersecurity misconfigurations. In some cases, employees might be using their personal computers to work with confidential data, which could also pose a cyber risk to the companies.
According to data published by Trend Micro , their Smart Protection Network (SPN) detected nearly 9 million Covid-19-related threats from January to June 2020. These threats are mainly originated from emails, URLs, and malicious files. The attacks also tend to target the fear and the constant need for updates on the virus, for instance, sending emails that claim to have the latest statistics related to COVID-19 cases.
Another global survey released by the Interpol Bureau  has identified four main cyber threats related to the COVID-19 pandemic:
1- Phishing scams, and fraud: with 59% of respondents who stated the significant increase of COVID-19 themed phishing and online frauds that consist of cybercriminals posing as global health authorities with relevant information
2- Malware and ransomware: 36% of respondents noted that malware attacks shifted their targets from small businesses and individuals to government agencies and healthcare organizations
3- Malicious domains: 22% of respondents noticed an influx of newly registered domains that include keywords such as COVID or Corona, claiming to have the latest updates and statistics
4- Fake news: 14% of respondents listed misinformation as a main threat since false information and rumors continue to be shared through social media networks
Businesses’ cybersecurity efforts
In light of these challenges, companies are improving their cybersecurity efforts to manage their business continuity and avoid significant data breach losses. One of the major technology applications used to achieve this is the Virtual Private Networks (VPNs), which help companies manage their remote workforces’ access to data and information, as well as monitor potential cyber threats and their impacts on the companies’ activities. Cybersecurity is also expected to become an urgent priority for businesses around the world, with a special focus on endpoint security technologies. Thus, leading the global cybersecurity spending to reach $270 billion by 2026.
- Spending related to external security services purchased
- Internal spend refers to the compensation of in-house full-time equivalent employees
Source: AustCyber report “The global outlook for cybersecurity” based on data provided by Gartner, Australian Bureau of Statistics, Burning Glass, expert interviews; AlphaBeta and McKinsey Analysis
Insurance and cyber risk mitigation
Cybersecurity measures are not the only way for businesses to mitigate cyber risks. Cyber insurance policies are used by large and small corporations to receive full coverage in case of a cyber breach or attack. Most cyber insurance policies include a broad array of coverages relevant to the current environment. Coverages protect the companies’ network security liability and privacy liability, as well as cover costs related to security response, data recovery and restoration, ransom event, reputational harm, system failures, and other types of repercussions that may cause business interruption.
The cyber insurance market, while small compared to more mature lines of business, has grown steadily in recent years. According to Swiss Re, cyber insurance premiums doubled between 2016 and 2019 . The demand pre-COVID-19 was mainly driven by a shift of the business models implemented by SMEs, which focused on increasing their e-commerce and digital capabilities.
This digital transformation trend will most likely accelerate post-COVID-19, as companies of all sizes are trying to align with the new market realities. This will also contribute to the growth of the cyber insurance market, which is expecting a growth of 20% to 30% per year on average, to reach $12.3 billion premiums by 2023.
- Cyber insurance policies provided to individuals
- Cyber insurance policies provided to companies (SME and Large corporations)
Source: S&P Financial Services forecasts
However, investments in cybersecurity technologies and applications remain the main tool used by organizations to mitigate their cyber risks, as cybersecurity spending continue to outpace spending on cyber insurance (as stated in Figure 3).
Source: Marsh and Microsoft report 2019 Global Cyber Risk Perception Survey; based on data from Gartner, Munich Re
This trend is likely to continue in the cyber market due to the pandemic’s impact on the cyber insurance prices, which are on the rise as insurers try to limit their risk exposure in order to maintain suitable credit and capital strength and manage their deteriorating loss ratios and overall profitability.
While cyber insurance policies can assist companies with costs related to data breaches and cyber-attacks, the preventive nature of the cybersecurity solutions, the expensive insurance premiums, and policy coverage limits (i.e. maximum payouts that companies can receive in case of a claim) are all factors that continue to impact the way organizations choose to allocate their cybersecurity budgets.
Intissar Mounaji – Research Associate
- The study presents the data related to cyber threats detected by the Trend Micro Smart Protection Network (SPN) — Securing the Pandemic-Disrupted Workplace: Trend Micro 2020 Midyear Cybersecurity Report
- The study presents a global survey conducts from April to May 2020, with data collected from 48 members countries and 4 INTERPOL private partners as part of the INTERPOL Global Cybercrime Survey — COVID-19 Cybercrime Analysis Report- August 2020
- The global outlook for cyber security
- Cyber Risk In A New Era: Insurers Can Be Part Of The Solution
- 2019 Global Cyber Risk Perception Survey