Cyber risks are changing very quickly. What are currently the most imminent threats for companies?
Lohmann: Cyber crimes such as malware operations and data breaches make headlines almost every day. Just take the recent hacker attack on Sony Pictures. Many of today’s cyber criminals conduct surveillance operations to systematically obtain valuable information from companies such as customer or credit-card data or intellectual property, or they blackmail companies. New technologies such as cloud computing are also fueling a rise in security risks as they could diminish a company’s ability to protect confidential data and critical internal software solutions. Another current security problem is posed by the sharp increase of mobile devices. Slowly but surely, they are becoming the central access device to company applications and all sorts of data. The amount of mobile “malware” for Android platforms alone skyrocketed by 400 percent compared with 2012. This development is further complicated by the fact that mobile users appear to be less concerned about security.
Can you explain the losses and problems that a business endures following a cyber attack?
Cyber crime costs Germany about 1.6 percent of the gross domestic product. Companies may suffer from business interruption or have to reconstitute lost or manipulated data. There are also third-party losses or possible costs for regulatory proceedings or crisis communication. Beyond financial losses, a company’s reputation is often damaged when customer data have been misused or websites or online-shops are temporarily unavailable. Customers may feel that the company is unable to keep their interests safe after they are infiltrated. According to the Edelman Privacy Risk Index 71 percent of customers say they would leave an organization after a data breach.
What industries are affected the most by cyber attacks?
Every company that stores and manages data is threatened by cyber crime, though some sectors are more exposed than others. Financial services and retail are common targets; however, attacks towards manufacturing or energy companies are on the rise. According to a survey carried out by the German Engineering Association (VDMA), around one-third of German companies in the plant and engineering industry have already recorded production outages as a result of IT security incidents. Factories are becoming more and more digital and rely heavily on automation and machinery software. Given the fact that the internet will be used in the future to pass on remote-control commands and information to increasing numbers of production machines, vehicles and power grids, it is easy to understand why security experts are warning about increased risks for these industrial sectors.
When a company wishes to take out cyber insurance to protect their business, how does an insurer assess a company’s risk profile?
Before offering a cyber insurance policy, AGCS risk engineers specialized in IT perform a detailed advance assessment of a company’s IT processes and security management. So we better understand a company’s IT maturity and also its overall risk culture. What is important is that prevention and continuous improvement of a company's own weaknesses take priority. On top of that, AGCS along with its cooperation partner T-Systems also offers a one-day cyber risk workshop to better understand a company’s cyber risk exposure and develop an initial action plan to be shared with the company’s top executives. Improving processes and IT security will certainly help to reduce security gaps. However, IT managers of many of our clients tell us that 100 percent security doesn’t exist. Each company has to decide what to do with their residual cyber risks: They can accept, control or prevent them – or transfer them to insurance.
With Allianz Cyber Protect, Allianz Global Corporate & Specialty (AGCS) is offering a cyber insurance solution that provides a limit of indemnity up to EUR 100 million. It includes both office and production IT systems and is available to companies from all sectors in Germany. The cyber insurance is also offered in other European countries and Asia.
