The Cost of Cybersecurity Incidents Is on the Rise, Mainly Due to Human Error or Systems Failure

  • The number of cyber insurance claims is on the rise since 2016
  • Business interruption is more expensive than the incident itself
  • Ransomware is responsible for more than $100 billion in losses

Attacks on companies and organizations generate the most expensive cyber insurance losses. Even so, employee mistakes, misconfigurations, and other technical issues are responsible for most incidents, according to a report from Allianz Global Corporate & Specialty (AGCS).

One of the best ways to evaluate the impact of cybersecurity incidents is to look at cyber insurance claims after the fact. While not all companies have such insurance, those that report cybersecurity-related incidents have a valid reason.

Cyber insurance became more widely available in 2016, and the number of claims has risen every year. According to the report, claims increased from 77 in 2016 to 809 in 2019. In the first three quarters of 2020, 770 claims were already registered, a likely indicator that 2020 will see the largest number of claims yet.

“Losses resulting from external incidents, such as DDoS attacks or phishing and malware/ransomware campaigns, account for the majority of the value of claims analyzed (85%), followed by malicious internal actions (9%) – which are infrequent but can be costly,” according to the press release.

“Accidental internal incidents, such as employee errors while undertaking daily responsibilities, IT or platform outages, systems and software migration problems or loss of data account for over half of cyber claims analyzed by number (54%) but, often, the financial impact of these is limited compared with cyber crime.”

As expected, the biggest problem is not the attack itself, but business interruption, which accounts for 60% of the value of all claims analyzed. Next in line are costs directly related to data breaches.

Of course, the COVID-19 pandemic put its mark on this troublesome year. The displacement of the workforce helped attackers find new ways to compromise networks and systems. Malware and ransomware incidents have reportedly increased by more than a third since the start of 2020.

Ransomware remains a key problem facing both companies cyber insurers. With more than half a million ransomware incidents reported globally in 2019, the costs supported by organizations rose to $6.3 billion, and that number covers only ransom demands and not other expenses like business interruptions. When everything is factored in, costs related to these incidents exceed $100 billion.