Munich Re’s 2020 Cyber Risk Report Sheds Light on Cyber Insurance Awareness Gap

The COVID-19 pandemic exacerbated the threat and likelihood of cyber security breaches for organizations, Munich Re's 2020 cyber risk report found. Despite the growing risk of cyber attacks, companies and organizations are still not utilizing cyber coverage to its fullest advantage.
By: | April 10, 2021

As vaccination rollout continues to expand, we can see some sort of end in sight to the COVID-19 pandemic and a reintroduction to normalcy.

But what we aren’t getting rid of any time soon is the surge of cyber security attacks that have taken place over the past year. What will likely remain is companies’ sheer vulnerability to a cyber attack.

Additionally, we’ve seen a dramatic shift to digitalization — and for good reason. Companies rely heavily on digitization to continue their day-to-day operations.

Munich Re released its Global Cyber Risk and Insurance Survey in early March, reporting on the significant digital and cyber trends that have skyrocketed since the beginning of the pandemic. The report also delves into the necessary insurance response to these cyber threats, a sector of insurance that is still not entirely recognized as legitimate.

The report shows both the opportunities and risks that a more digital workforce presents.

Of course, there are solutions to build and implement “cyber vaccines,” as Munich Re calls it. But, companies and organizations themselves are still not taking full advantage of the cyber insurance products and services that the industry has provided. In response, the industry needs to ensure that they can fill the remaining holes.

The Sweep of Digitalization and the Unknowns of Cyber Insurance

A main takeaway from Munich Re’s report is the idea of digitalization and its now ever-present capabilities, which include 5G, cloud storage and artificial intelligence.

“Increasing digitalization is affecting almost all areas of our lives,” said Martin Kreuzer, risk manager of cyber risks, Munich Re. “As a result, dependencies and risks are changing ever more dynamically and determining the loss scenarios.”

The report found that while everyone is excited about the move towards digitalization, 81% of respondents surveyed believe their company’s preparedness to a cyber attack is inadequate. But, despite the large majority of concern, only 34% of respondents have reached out to their insurance carrier to inquire about cyber protection.

Munich Re found that this hesitancy to tangibly find cyber coverage stems from respondents’ unawareness to what cyber insurance products and services actually exist.

Kreuzer said in addition to a lack of cyber insurance knowledge, many organizations have assumed the potential losses that come from cyber risk are covered in their conventional property or liability policies.

He believes that for organizations, especially ones small- to mid-sized, there needs to be more transparency about the actual cyber risk implications in order to gain a better understanding of cyber insurance capabilities.

The report concludes that because cyber insurance is still not recognized in as high priority as traditional coverage, the potential for cyber insurance products could be hindered.

The Risks that Dominated 2020 

While cyber risk can manifest itself through several avenues, Munich Re found three threats to be the most detrimental: data breaches, ransomware and business email compromises (BEC).

Martin Kreuzer, risk manager of cyber risks, Munich Re

Data breaches are not a new threat, but their reach posed a bigger threat in 2020. An increasing number of data breaches last year included financial, health care and children-related data being extorted. In turn, an average global data breach cost reached $3.86 million.

Ransomware is another threat that increased throughout 2020. Due to increased digitization, IT systems “converged with critical infrastructure and operational technology systems,” Munich Re reported. This makes a ransomware attack that much more debilitating should it occur. When they take place at hospitals or water treatment plants, they could threaten human life.

Additionally, ransomware attacks cost organizations an average of $283,000 — a certain 100% increase from 2019.

BEC scams have increased in the last year, as well, largely due to the difficulty in detecting and mitigating a BEC scam attempt when much of a workforce is remote. An organization could reportedly lose up to $80,000 in a BEC scam, which was an increase from the previous quarter.

The highlighted cyber threats definitively show that pre-COVID cyber risks are not only thriving but are becoming even riskier.

The Need for Cyber Insurance Is More Fervent than Ever

Cyber risk has become mainstream in recent years, accelerated thanks to the pandemic. Where does that leave cyber insurance?

The demand for cyber coverage is only going to grow, Munich Re’s report states. As small- and mid-sized businesses continue to be disproportionately affected by cyber attacks, the need for protection is going to increase.

An uptick in regulation on cyber attacks is also expected to drive demand for cyber insurance. Data protection laws have been passed and enacted globally, thus making the need of insurance against cyber crime vital.

But how can the industry mainstream coverage for a risk that ranks as mainstream itself?

Kreuzer refers back to one word: transparency.

“Transparency about the risk in the organization and about the coverage of the risk in the insurance policies is fundamental to active risk management,” he said.

And Kreuzer is hopeful that coverage for cyber risk is making its way on organizations’ priority list: “By offering a comprehensive and growing range of cyber services, insurance adds value that quickly becomes apparent to organizations when looking at risks in their entirety.”

Though in order to receive the best protection, it is imperative every organization find adequate cyber security coverage. In turn, your own organization’s protection will work towards a greater goal of developing a collaborative protection against cyber threats for all organizations.

We’re all collectively on a quest to reach one type of herd immunity from a coronavirus disease. Let’s add cyber herd immunity to the list. &

Emma Brenner is a staff writer with Risk & Insurance. She can be reached at [email protected].

More from Risk & Insurance