Geopolitics and ransomware attacks lead the list of cyberrisk concerns for global businesses, according to Allianz. In addition, businesses say they are worried about government-backed attacks against companies, infrastructure and supply chains because of the war in Ukraine and other global, political tensions.

“The cyber risk landscape doesn’t allow for any resting on laurels,” said Scott Sayce, global head of cyber at Allianz Global Corporate and Specialty. “Ransomware and phishing scams are as active as ever and on top of that there is the prospect of a hybrid cyber war.”

Costly

In the first part of 2022, Europe saw an increased number of cyberattacks – even though the number of attacks was down during that period by 23 per cent globally. Businesses and organisations expect to pay out an estimated $30 billion in damages from ransomware during this year.

Risk managers have stepped up to deal with the threat, according to a report by Swiss Re. “Firms, insurers and public authorities have redoubled risk management efforts, and industry associations and insurers have worked together to address the related issue of ‘silent cyber’ by clarifying the scope of traditional policies,” it said. Silent cyber is risk that is neither explicitly covered nor excluded by an insurance policy leaving the scope of such a policy vague.

Insurance concerns

Risk managers increasingly use insurance to help protect their businesses from losses arising from cyberattacks. But premium prices are increasing and what can be insured under such policies is decreasing, according to a Advisen-Zurich survey.

“Our latest survey shows that many respondents recognize cyber threats and claims have increased in frequency and severity, but some business leaders struggle with the extent of the impact on insurance costs, policy terms and risk selection,” said Michelle Chia, head of professional liability and cyber at Zurich North America.

Businesses have stepped up measures to protect themselves against hackers. For example, Zurich found that over half (52 per cent) had reviewed IT vendor management in light of geopolitical events. In addition, 62 per cent said they were enhancing employee training in cyber. But while most (81 per cent) said they had cyber incident response plans, only 60 per cent of those tested their plans regularly.