Cyber insurance: DDoS and blackmail cause the most expensive damage

A growing number of companies are turning to cyber insurance to minimize potential economic damage from digital attacks. In discussions with the insurance company, individual risks can be assessed and covered as required. The higher the calculated risk, the more expensive the premium at which the insurer agrees to assume the risk and provide coverage in the event of damage. After all, cyberattacks can cause immense damage, not only to the affected companies themselves, but also to third parties. Ideally, insurers will then settle the costs incurred, for example, for the recovery of IT systems or claims for damages from customers due to data loss.

Cyberattacks cause damage in the millions

DDoS, phishing, and ransomware attacks currently account for 85% of the damage. An additional 9% is caused by malicious internal actions, and 6% by unintentional internal incidents. This is according to an analysis by Allianz Global Corporate & Specialty (AGCS), for which the insurer reviewed more than 1,700 cyber damage reports from the years 2015 to 2020 totaling 660 million euros.

Human and technical failure are the most frequent causes of problems

Unintentional internal incidents such as employee errors when performing daily tasks, IT or platform failures, problems related to migrating systems and software, or data loss were the cause of more than half (54%) of the cyber claims analyzed, measured by the number of claims reports. Cybercrime (DDoS, ransomware, phishing, etc.) accounts for 43% of filed claims, malicious internal actions for 3%.

Trend of losses continues to rise

Overall, the number of reported cyber insurance claims has risen continuously over the past few years: from 77 in 2016 to 809 in 2019. This year, AGCS has already received 770 insurance claims in the first three quarters. This trend is likely to continue in the future, as DDoS and ransomware attacks against companies are on the rise and becoming increasingly complex.

The better the level of protection, the lower the premiums

This is where companies need to counteract with wide-ranging preventive measures to maximize their level of protection. Meeting with the insurance company is only one item on the agenda. Others include obtaining detailed legal advice on liability issues, clarifying responsibilities in the event of an attack, and above all awareness training for employees. Equally important are rigorous monitoring, thorough auditing, and, where possible, penetration testing for both internal processes and externally connected endpoints. Cyberrisks can only be effectively minimized by the perfect interaction of man and machine, as practiced for decades in aerospace.

Professional managed security service providers with industry experience that identify and address potential problem areas can help companies implement complex security and defense strategies. They actively contribute to lowering the risk of occurrence, which usually results in a lower premium for the policyholder when taking out cyber insurance.

Highly certified protection for companies

As a German technology manufacturer, Myra Security offers a secure, certified Security-as-a-Service platform for protecting digital business processes. Smart Myra technology monitors, analyzes, and filters malicious internet traffic before virtual attacks can do any real harm. Myra DDoS protection is also certified by the German Federal Office for Information Security [Bundesamt für Sicherheit in der Informationstechnik (BSI)] for Critical Infrastructures (KRITIS) according to ISO 27001 on the basis of basic IT protection.