Cyber Risk: Now and in the Future
November 4, 2015
Cybercrime has grown into a massive expense for businesses and organizations around the world. According to a recent report by Allianz Global Corporate & Specialty, it costs the global economy an estimated $445 billion annually. It costs the world's four largest economies - the US, China, Japan and Germany - more than $200 billion. And the cost is expected to grow.
Because businesses are increasingly interconnected across the globe and cybercrime has become highly profitable, the frequency and severity of attacks has grown rapidly. To combat this, Asian and European governments are following the lead of the US in implementing strict data protection laws. Proposed laws call for harsh fines for data breaches.
An increasing concern is business interruptions resulting from data breaches. In the spring of 2015, hackers took down a French TV station and grounded 10 Polish airliners. Theft of intellectual property and "cyber-extortion," combined with business interruption, may prove more costly than the breaches themselves.
In addition, industrial control systems, many of which were designed before cybercrime emerged as a serious threat, are vulnerable to attacks. Fires or explosions at utilities or shutdowns of assembly lines could result.
How can businesses fight this? The Allianz report offers several tips:
- Make cyber security a priority for everyone in the organization.
- Identify key assets and vulnerable points.
- Implement, test and refine plans for responding to data breaches. Speedy responses and the use of outside experts can reduce the cost of a breach.
- Decide which cyber risks to accept; avoid; control through loss prevention and reduction; and transfer to third parties.
Transferring risk likely means buying cyber insurance policies. Traditional liability and property insurance policies often do not cover cyber losses. Organizations will need separate policies from insurers with expertise in this area. Many of the policy forms are new and have yet to be tested in court. The products will evolve as those tests occur.
Lack of knowledge is a challenge. Many businesses do not understand either their own exposures or the available insurance products. Also, insurers face a shortage of knowledgable underwriters.
Despite this, Allianz predicts that the worldwide cyber insurance market will grow from $2 billion in 2015 to more than $20 billion in 2025. Much of that growth will be driven by demand for business interruption coverage. While businesses are focused on their internal controls now, their interconnection with partners will lead them to pay more attention to protecting supply chains. Allianz also expects a catastrophic cyber loss to eventually occur, possibly large enough to destroy a major corporation.
Several trends point to greater risks in the future. Some experts think there will be one trillion connected devices by 2020. Aging hardware, lacking modern safeguards, will become inviting attack targets. Criminals will go after weak points in supply chain connections. The "Internet of Things" will present new access points. Hackers have already infiltrated household appliances and used them for spam attacks. Increased reliance on cloud computing may make data more vulnerable.
Cybercrime will remain a large and growing threat to all organizations for the foreseeable future. How they respond to that threat may well determine their futures.