PressNewsBusinessInsurance: When Bytes Bite

When Bytes Bite

Service & Contacts

Allianz Group Communications
Koeniginstr. 28
80802 Munich

Contact overview

Receive the latest Allianz news.


Follow Allianz in the social networks:


  • Contact

  • Newsletter

  • Social Media

The recent WannaCry ransomware attack made a lot of companies wanna cry. As such attacks become more frequent and gain scale, cyber insurance promises to be the next blockbuster in the insurance industry...

Allianz SE
Munich, May 18, 2017

This week, WannaCry, a ransomware program, infected more than 230,000 computers in 150 countries. Hackers demanded payments in bitcoins to allow users to access their data.

The attack hit several large companies, including a major American parcel delivery company, a European car manufacturer and a Spanish telecom company. It disrupted the operations of Britain’s National Health Service and affected some operations of German rail network Deutsche Bahn, among others.

The incident again highlighted how vulnerable companies are to cyber risks – be it a technical glitch, a human error or a cyber attack – and the business interruption that usually follows.

Reuters reported that the total cost of resuming operations could run into billions of dollars for companies, with European and Asian companies particularly vulnerable. As such attacks become more frequent, companies are becoming aware of the need to protect themselves – not just from such attacks but also from the losses that they could bring.

This is why cyber insurance promises to be the next blockbuster in the insurance space, says Hartmut Mai, Chief Underwriting Officer for corporate lines at Allianz Global Corporate & Specialty (AGCS).

While cyber insurance is already a mature market in the United States with an estimated premiums volume of $3 billion, it is still an emerging segment in Europe and Asia.

The need for cyber coverage


Hartmut Mai

Technology is a double-edged sword. On the one hand, it makes processes easier and less time-consuming; on the other, it opens companies up to new risks. Industrial companies are increasingly interlinking their equipment and processes – the so-called Internet of Things (IoT) – to improve their operations but this exposes them to the greater risk of business interruption in case of an attack or a glitch.

“The more the industry integrates supply chains and processes, and digitalizes production into ‘smart factories’, the more vulnerable the long-established industrial companies become as well. For them, the risk of business interruption tends to be paramount,” says Mai. The threat doesn’t always come from hackers. Many a times, it’s just a technical failure or an employee deliberately or accidentally introducing viruses or paralyzing computer systems.

When a crisis unfolds, compensation for financial loss is important, but the support services that often accompany cyber insurance are invaluable. Computer forensics, data and systems recovery as well as professional crisis communication can help a policyholder get back on its feet quickly. “Assistance services, which we provide ourselves or through our partners, are therefore becoming increasingly important,” says Mai.

The challenges

Of course, developing solutions for new risks comes with challenges. Given that cyber crime is a relatively new threat, the insurance industry needs to tread with caution in developing such products.

“We lack historical claims data because it involves an insurance product that is still relatively new in our portfolio. Also, companies shun publicity when they have been victims of a hacking attack because they are worried about their reputation. The duty to report incidents is developing in Europe only gradually,” Mai explains.

The portfolio management of cyber risks is also challenging and the accumulation risks are enormous. Through the digital networking of companies and supply chains, an incident at an individual company can quickly spread like wildfire, immobilizing entire industries.

Imagine the operations of an energy provider or a cloud services provider are disrupted due to a cyber attack. It will trigger numerous policies - not just cyber policies, but also other coverage if property damage and business interruption occur.

“At the moment, the accumulation risk is still manageable because not even 10 percent of companies in Europe have cyber insurance yet,” Mai points out.

However, just like director and officer (D&O) liability coverage, cyber insurance is expected to become the standard for European companies over the medium term. “Cyber insurance will be a blockbuster – and we must prepare ourselves for it. When the much stricter data protection regulations take effect in Europe in 2018, not just big corporations but also mid-market and smaller companies will want to buy cyber coverage,” Mai says.

Other Allianz subsidiaries such as Allianz Germany and Allianz Suisse have recently started offering dedicated cyber products for small and mid-sized companies. Allianz Germany, for example, offers cyber insurance for companies with an annual revenue up to 150 million euros. For ransomware attacks such as WannaCry, a customer also needs to buy cover for extortion incidents, which Allianz Germany offers as a special cover.

Data as a tool

According to Mai, insurers have to consider evaluating the technical standards and the information technology maturity of a company differently. “Individual risk dialogues and detailed IT and process audits that we usually do for large companies would be too complex for smaller and mid-sized companies,” he says.

“Going forward, we aim to increase our automated cyber risk analytic capability by cooperating with data analytics companies. They use IP address-based screening, linguistic algorithms and other comparable methods to evaluate the level of IT security of a company. Such cyber resilience ratings could especially help us offer cyber coverage to small and medium-sized businesses and retail clients through digital distribution platforms,” Mai adds.

C for cyber strategy

Given the frequency of cyber events in the recent past, there’s no denying that cyber security and related insurance will soon become an important part of corporate risk management strategies.

“In 2016, AGCS generated premiums in the mid-range double-digit millions with our cyber policies. Demand and policy transactions continued to increase significantly in the first quarter. No management board member or Chief Information Officer has any doubts about the danger anymore even if their IT security is state-of-the-art.” 

The market is gathering steam and we will likely see more modular cyber solutions that can be adapted individually to a particular company.

At the moment, AGCS limits its share of cyber coverage to 100 million euros per client as the market is still new and the risks are harder to assess. For individual companies, up to 500 million euros capacity is available in the cyber insurance market.

As a new ‘normal’ emerges, companies may not be able to completely avoid the bite of bytes. What they can do, is ensure that the pain is minimal.

  Forward Looking Statement disclaimer

As with all content published on this site, these statements are subject to our Forward Looking Statement disclaimer:


  Press contact

Heidi Polke
Allianz Global Corporate & Specialty
Phone: +49 89 3800 14303

Send email

  More at

Beware of generation generalizations

Allianz-Beware of generation generalizations
Nov 20, 2017 | Allianz SE

Shortly before the stroke of midnight on December 31, the last-born millennial will turn 18 – marking a generational milestone...


Allianz study: millennials optimistic despite gloomy expectations

Allianz-Allianz expands footprint in China with new Beijing branch
Nov 20, 2017 | Allianz SE

Millennials believe the world is more difficult and complex than their parents faced at the same age and are gloomy about the career prospects of their generation. They expect artificial intelligence and robotics to disrupt the workplace, and that employment insecurity and pressure in the workplace to perform will increase. 


Allianz reports 2.5 billion euros operating profit in 3Q 2017; on track for full-year target

Allianz-Allianz reports 2.5 billion euros operating profit in 3Q 2017; on track for full-year target
Nov 09, 2017 | Allianz SE

Allianz Group reported good results for the third quarter of 2017 after a series of hurricanes, storms and other natural catastrophes drove claims higher. Total revenues rose 2.1 percent compared to the third quarter of 2016 to 28.3 (third quarter of 2016: 27.7) billion euros, mostly due to another strong performance in the Life and Health business segment. Operating profit declined to 2.5 (3.0) billion euros, largely due to 529 million euros losses from natural catastrophes.