For the first time, “cyber incidents” tops the list of business risks in an annual survey of 2,700 risk management experts by global insurance company Allianz, passing the long-time survey leader, “business interruption.” “Increasing reliance on their data and IT systems and a number of high-profile incidents” drove cyber risk awareness to the top, up from #15 just seven years ago, the company writes.
Some of the cyber risk scenarios highlighted in the Allianz report:
- Data breaches, the main type of cyber incident reported. “Dealing with a mega breach (involving more than one million records) now costs $42mn on average – up 8% year-on-year. Breaches in excess of 50 million records cost $388mn on average – up 11%.”
- Penalties generated by regulations on data protection and privacy. “The General Data Protection Regulation (GDPR) which came into force in Europe in 2018 will likely bring a further wave of fines in 2020. Over 200,000 cases were reported in the first nine months of its implementation.”
- Ransomware losses. “Industrial and manufacturing firms are increasingly targeted but losses tend to be highest for law firms, consultants and architects, for which IT systems and data are their life blood.”
- Social engineering and phishing “have resulted in worldwide losses of $26bn since 2016 according to the FBI.”
- M&A-generated liabilities. “Even the best protected companies will be exposed if they acquire a company with existing vulnerabilities.”
The Allianz study is another proof point for the proposition that cyber risk = business risk, driving the movement to cyber risk quantification in financial terms by risk managers and cybersecurity defenders. With the RiskLens Platform, incorporating the standard FAIR™ model for quantifying cyber and operational risk, organizations can make decisions on insurance purchases, security investments, M&A due diligence or regulations compliance informed by a clear picture of their risks based on probable financial loss. The onus is now on security teams to learn to speak the language of the business in communicating cyber risk. Learn more.
Read the Allianz Global Corporate & Specialty Risk Barometer Report for 2020.