In its latest Risk Barometer, Allianz reports that cyber risks, such as IT outages, ransomware attacks or data breaches, rank as the most important risk globally (34% of responses).
Given cyber crime incidents are now estimated to cost the world economy in excess of $1trn a year1 – around 1% of global GDP – it perhaps should come as no surprise that cyber risk is the top customer concern.
In addition to being voted the top risk globally, cyber incidents also ranks as the top peril in 19 different countries. It is the risk small companies are most concerned about, is the cause of business interruption companies fear most, while cyber security resilience ranks as the most concerning environmental, social, and governance (ESG) risk trend.
The frequency of ransomware attacks remains high, with losses increasing as criminals hone their tactics to extort more money, while the average cost of a data-breach is at an all-time high. At the same time, attacks are not just restricted to large companies, increasingly we see more small and midsize businesses impacted
said Scott Sayce, Global Head of Cyber at AGCS and Group Head of the Cyber Center of Competence.
Top exposures
According to Allianz Risk Barometer respondents, a data breach is the exposure which concerns companies most (53%), given data privacy and protection is one of the key cyber risks and related legislation has toughened globally in recent years.
Such incidents can result in significant notification costs, fines and penalties, and also lead to litigation or demands for compensation from affected customers, suppliers and data breach victims, notwithstanding any reputational damage to the impacted company.
The average cost of a data breach reached an all-time high in 2022 of $4.35mn, according to IBM’s annual cost of a data breach report, and is expected to surpass $5mn in 2023, although these numbers constitute small change compared to the costs that can be involved in ‘mega breach’ events.
An increase in data breaches is expected this year, cyber security firm Norton Labs predicts3, as criminals are finding ways to breach standard multi-factor authentication technologies.
An increase in ransomware attacks ranks as the second most important concern (50%). Around the world, the frequency of attacks remains high, as do related claims costs.
The cost of ransomware attacks has increased as criminals have targeted larger companies, supply chains and critical infrastructure – in April 2022 an attack impacted around 30 institutions of the government of Costa Rica, crippling the territory for two months.
Double and triple extortion attacks are now the norm – besides the encryption of systems, sensitive data is increasingly stolen and used as a leverage for extortion demands to business partners, suppliers or customers.
Skill shortages and capacity issues
With all these challenges it is unsurprising that demand for cyber security experts is growing. More and more companies are looking to employ cyber security specialists, but supply is not keeping up with demand.
According to Cybersecurity Ventures, the number of unfilled cyber-security jobs worldwide grew 350% between 2013 and 2021 to 3.5 million6 – enough to fill 50 large football stadiums.
At the same time, IT service providers and consulting firms that conduct forensic examinations of cyber incidents and restore systems are running out of capacity.
In Germany, The Federal Office for Information Security (BSI) has warned of a “fundamental shortage” of personnel for incident response services.
For those who are available to help, surging inflation is increasing their cost. Ultimately, such conditions will affect the ability of some companies to make improvements to cyber security or respond effectively to an incident.