Although it is logical that cyber attacks have risen during the pandemic, and there is anecdotal evidence that it is occurring, including our own experience, an interesting new report was recently released by Allianz, which provides cyber-liability insurance products.
According to the report, “While the COVID-19 outbreak cannot be said to be a direct cause of cyber-related claims, exposures have been rising during the pandemic, particularly with regards to ransomware and business email compromise incidents, given the increase in remote working and the likelihood that security safeguards may not be as robust in the home office.”
The report analyzes the cause of loss by value of claims and the number of claims, finding 1,736 claims worth $770 million from 2015-2020. The analysis shows that external manipulation of computer systems (i.e., DDOS or phishing/malware/ransomware) is the most expensive, “but the analysis also shows that more mundane technical failures, IT glitches or human error incidents are the most frequent generator of claims.”
The report also states that “Whether it results from an external cyber-attack, human error or a technical failure, business interruption is the main cost driver behind cyber claims. It accounts for around 60% of the value of all claims analyzed with the costs associated with dealing with data breaches ranking second.”
The number one threat cited in the report is “Laxer Security Post COVID-19 Heightens Cyber Risk.” Since the migration to working from home, the report states that “malware and ransomware incidents have already increased by more than a third, at the same time as a 50%+ increase in phishing, scams, and fraud, according to international police body, INTERPOL.”
The report further reinforces the need for companies to address the increased risk that accompanies a remote workforce, employee education and engagement, and providing employees with tools to protect themselves and their employer’s data. As the report aptly states: “Employers and employees must work together to raise awareness and increase cyber resilience in the home office set up.”