Firms ‘distracted’ from cyber insurance risk, Beazley warns

Business leaders risk being 'distracted' from the nature of cyber risk by emerging technologies like AI, according to insurance company Beazley

Businesses risk being ‘distracted’ from the ceaseless nature of cyber risk, according to a new report published today by specialist insurer Beazley.

The number of business leaders citing cyber risk as their main concern fell from 34% last year to just 27% this year, the research says. In contrast, 26% of leaders surveyed think tech obsolescence and the threat of new technology is their biggest concern, with another 24% believing it to be IP theft.

Paul Bantick, Group Head of Cyber Risks at Beazley, says: “These threats are fast-evolving and unfamiliar, with many companies being caught on the back-foot when dealing with the risk. For the insurance industry, working with clients to help them tackle these challenges is vital to ensuring businesses operate in as safe an environment as possible.”

Despite the complex risk landscape, many business leaders still feel confident about their chances in the event of a cyber incident. Almost three-quarters (74%) said they were ‘very prepared’ or ‘moderately prepared’ for such an attack – although this is down from 80% last year.

The way industry insiders perceive threats does not always correlate with the actual threat landscape, and indeed there are still some strong threats facing businesses. One of the most prominent is the risk of ransomware attacks, which are on the rise. On average, Beazley says that 13% of company losses are caused by ‘fraudulent instruction’ – up six percentage points from 2020.

Is Russia-Ukraine war still a cyber threat?

Geopolitical events and social factors have a massive impact on the cyber threat landscape. Criminals adapted their approach during the pandemic, when the world of work was turned on its head, and supply chain vulnerabilities have also caused them to increase pressure on the manufacturing sector – which replaced financial services as the prime target for the last two years running, according to IBM X-Force.

So, when Russia invaded Ukraine in February 2022, experts warned that it would lead to a spike in malicious activity. “A number of prominent cyber gangs split over their allegiances when the conflict started,” Beazley says in the latest report. “This may have led to a reduction in the number of ransomware attacks, but it hasn’t led to a reduction in cyber incidents.”

In fact, Russian-sponsored cyber attackers increased their targeting of NATO countries by over 300% last year, Beazley says. As the war continues, more organisations and businesses could find themselves in the line of fire.

Meghan Hannes, Head of US Cyber & Tech Underwriting Management at Beazley, explains: “The frequency and severity of cyber risks has fallen as the Ukraine-Russia conflict split cyber gangs. However, this isn’t a new normal and the situation is becoming uglier by the day as new threat actors emerge and look to make up lost profits. Cyber protection cannot be a blind spot for businesses in 2023.”

Too small for cyber insurance?

There is no doubting the scale of cyber risk; according to Cybersecurity Ventures, cyber crime is predicted to cost businesses US$10.5tn globally by 2025, representing a 300% increase on 2015 levels. Yet business leaders often perceive the threat level to be diminishing.

Amid a cost-of-living crisis and high inflation, where corporate budgets are being put under immense pressure, small-and-medium-sized businesses (SMEs) report feeling increasingly helpless against the risk of cyber attack.

Firms with revenues between US$250,000 and US$1m feel six percentage points less prepared to deal with cyber risks than they did in 2022; while some criminal groups are using SMEs’ security systems as a training ground for new hackers.

Paul Bantick continues: “Business leaders are finding it a struggle to keep up with the constantly evolving cyber threat. Worryingly, they appear less concerned by cyber risk than a couple of years ago. This could be because they have been lulled into a false sense of security as the war in Ukraine led to a temporary reduction in the ransomware threat level when a number of cyber gangs splintered, but this situation is only temporary.

“As the MOVEit hack has proved, the bad actors are always looking for new ways to attack with tactics ranging from third-party supplier attacks to more sophisticated social engineering and phishing attack techniques. Businesses of all sizes and across all industries cannot afford to take their eye off the ball, just at a moment when cyber criminals are starting to look to make up for profits lost over the past 18 months.”


Featured Articles

Insurtech unicorn bolttech takes on extra $50m in funding

Insurtech unicorn bolttech has taken on an extra US$50m in funding from Leapfrog Investments as part of the insurtech's Series B extension

Allianz wants to 'lead by example' with new net-zero targets

Allianz has said it wants to "lead by example" after announcing ambitious new targets to make its investment and underwriting portfolios net zero

Insurtech pricing solution Akur8 seals $25m in fresh funding

Akur8, whose insurtech solution is used by actuaries to build pricing models across all insurance lines, has received backing from Guidewire and FinTLV

Beazley launches tornado parametric insurance using NWS data


Alex Dalyac: Founding AI-based insurtech Tractable

Technology & AI

Saudi Arabia: 'solid' framework to guide insurtech sector