Allianz: Companies need to strengthen cyber controls to counter ransomware pandemic

During the Covid-19 crisis another outbreak has happened in cyber space: a digital pandemic driven by ransomware. Malware attacks that encrypt company data and systems and demand a ransom payment for release are surging globally. The increasing frequency and severity of ransomware incidents is driven by several factors: the growing number of different attack patterns such as ‘double’ and ‘triple’ extortion campaigns; a criminal business model around ‘ransomware as a service’ and cryptocurrencies; the recent skyrocketing of ransom demands; and the rise of supply chain attacks. In a new report, cyber insurer Allianz Global Corporate & Specialty (AGCS) analyzes the latest risk developments around ransomware and outlines how companies can strengthen their defenses with good cyber hygiene and IT security practices.

“The number of ransomware attacks may even increase before the situation gets better,” says Scott Sayce, Global Head of Cyber at AGCS. “Not all attacks are targeted. Criminals also adopt a scattergun approach to exploit those businesses that aren’t addressing or understanding the vulnerabilities they may have. As insurers we must continue to work with our clients to help businesses understand the need to strengthen their controls. At the same time, in today’s rapidly evolving cyber insurance market, providing emergency response services, as well as financial compensation, is now the standard.”

Follow Allianz Global & Corporate Specialty on Twitter @AGCS_Insurance#cyberrisktrends

Click here  to download the report.

Cyber intrusion activity globally jumped 125% in the first half of 2021 compared to the previous year, according to Accenture, with ransomware and extortion operations one of the major contributors behind this increase. According to the FBI, there was a 62% increase in ransomware incidents in the US in the same period that followed an increase of 20% for the full year 2020. These cyber risks trends are mirrored in AGCS’ own claims experience. AGCS was involved in over a thousand cyber claims overall in 2020, up from around 80 in 2016; the number of ransomware claims (90) rose by 50% compared to 2019 (60). In general, losses resulting from external cyber incidents such as ransomware or Distributed Denial of Service (DDoS) attacks account for most of the value of all cyber claims analyzed by AGCS over the past six years.

Increasing reliance on digitalization, the surge in remote working during Covid-19, and IT budget constraints are just some of the reasons why IT vulnerabilities have intensified, offering countless access points for criminals to exploit. The wider adoption of cryptocurrencies, such as Bitcoin, which enable anonymous payments, is another key factor in the rise of ransomware incidents.

Five areas of focus

In the report, AGCS identifies five trends in the ransomware space, although these are constantly evolving and can quickly change in the ‘cat and mouse’ race between cyber criminals and companies:

  • The development of ‘ransomware as a service’ has made it easier for criminals to carry out attacks. Run like a commercial business, hacker groups such as REvil and Darkside sell or rent their hacking tools to others. They also provide a range of support services. As a result, many more malicious threat actors are operating.
  • From single to double to triple extortion... ‘Double extortion’ tactics are on the rise. Criminals combine the initial encryption of data or systems, or increasingly even their back-ups, with a secondary form of extortion, such as the threat to release sensitive or personal data. In such a scenario, affected companies have to manage the possibility of both a major business interruption and a data breach event, which can significantly increase the final cost of the incident. ‘Triple extortion’ incidents can combine DDoS attacks, file encryption and data theft – and don’t just target one company, but potentially also its customers and business partners. A notable case was a psychotherapy clinic in Finland – a ransom was demanded from the hospital. At the same time, smaller sums were also demanded from patients in return for not disclosing their personal information.
  • Supply chain attacks the next big thing: There are two main types – those that target software/IT services providers and use them to spread the malware (for example, the Kaseya or Solarwinds attacks). Or those that target physical supply chains or critical infrastructure, such as the one which impacted Colonial Pipeline. Service providers are likely to become prime targets as they often supply hundreds or thousands of businesses with software solutions and therefore offer criminals the chance of a higher payout.
  • Ransom dynamics: Ransom demands have rocketed over the past 18 months. According to Palo Alto Networks, the average extortion demand in the US was $5.3mn in the first half of 2021, a 518% increase on the 2020 average; the highest demand was $50mn, up from $30mn the previous year. The average amount paid to hackers is around 10 times lower than the average demand, but this general upward trend is alarming.
  • To pay or not to pay: Ransom payment is a controversial topic. Law enforcement agencies typically advise against paying extortion demands to not further incentivize attacks. Even when a company decides to pay a ransom, the damage may have already been done. Restoring systems and enabling the recovery of the business is a huge undertaking, even when a company has the decryption key. 

Business interruption and recovery costs main drivers of losses

Business interruption and restoration costs are the biggest drivers behind cyber losses such as ransomware attacks, according to AGCS claims analysis. They account for over 50% of the value of close to 3,000 insurance industry cyber claims worth around €750mn ($885mn) it has been involved in over six years.

The average total cost of recovery and downtime – on average 23 days – from a ransomware attack more than doubled over the past year, increasing from $761,106 to $1.85mn in 2021.

The surge in ransomware attacks in recent years has triggered a major shift in the cyber insurance market. Cyber insurance rates have been rising, according to broker Marsh, while capacity has tightened. Underwriters are placing increasing scrutiny on the cyber security controls employed by companies.

“Three out of four companies do not meet AGCS’ requirements for cyber security,” explains Marek Stanislawski, Global Cyber Underwriting Lead at AGCS. “Companies need to invest in cyber security. Losses can be avoided if organizations follow best practices. A house with an open door is much more likely to be burgled than a locked house.” 

Checklist with IT security best practices

AGCS has published a checklist with recommendations for effective cyber risk management. “In around 80% of ransomware incidents losses could have been avoided if the organizations had followed best practices. Regular patching, multi-factor authentication, as well as information security and awareness training and incident response planning are essential to avoiding ransomware attacks and also constitute good cyber hygiene,” says Rishi Baviskar, Global Cyber Experts Leader at AGCS Risk Consulting. “If companies adhere to best practice recommendations there is a good chance that they will not become ransomware victims. Numerous security gaps can be closed, often with simple measures.”

In the event of an attack, cyber insurance coverage has evolved to provide emergency incident response services that typically include access to a professional crisis manager, IT forensic support and legal advisory. Further offerings include IT security training for employees and assistance with the development of a cyber crisis management plan.

Follow Allianz Global Corporate & Specialty (AGCS) on LinkedIn.

Allianz Commercial is the center of expertise and global line of Allianz Group for insuring mid-sized businesses, large enterprises and specialist risks. Among our customers are the world’s largest consumer brands, financial institutions and industry players, the global aviation and shipping industry as well as family-owned and medium enterprises which are the backbone of the economy. We also cover unique risks such as offshore wind parks, infrastructure projects or Hollywood film productions. Powered by the employees, financial strength, and network of the world’s #1 insurance brand, we work together to help our customers prepare for what’s ahead: They trust on us for providing a wide range of traditional and alternative risk transfer solutions, outstanding risk consulting and Multinational services as well as seamless claims handling. Allianz Commercial brings together the large corporate insurance business of Allianz Global Corporate & Specialty (AGCS) and the commercial insurance business of national Allianz Property & Casualty entities serving mid-sized companies. We are present in over 200 countries and territories either though our own teams or the Allianz Group network and partners. In 2022, the integrated business of Allianz Commercial generated more than €19 billion gross premium globally.

These assessments are, as always, subject to the disclaimer provided below.

The Allianz Group is one of the world's leading insurers and asset managers with around 125 million* private and corporate customers in nearly 70 countries. Allianz customers benefit from a broad range of personal and corporate insurance services, ranging from property, life and health insurance to assistance services to credit insurance and global business insurance. Allianz is one of the world’s largest investors, managing around 746 billion euros** on behalf of its insurance customers. Furthermore, our asset managers PIMCO and Allianz Global Investors manage about 1.8 trillion euros** of third-party assets. Thanks to our systematic integration of ecological and social criteria in our business processes and investment decisions, we are among the leaders in the insurance industry in the Dow Jones Sustainability Index. In 2023, over 157,000 employees achieved total business volume of 161.7 billion euros and an operating profit of 14.7 billion euros for the group.
* Including non-consolidated entities with Allianz customers.
** As of March 31, 2024.
Lesiba Sethoga
Allianz Commercial (Johannesburg)
Daniel Aschoff
Allianz Global Corporate & Specialty (Munich)
Olivia Smith
Allianz Commercial (Rotterdam)
Ailsa Sayers
Allianz Commercial (London)
Sabrina Glavan
Allianz Commercial (New York)
Camila Corsini
Allianz Commercial (Sao Paolo)
Heidi Polke
Allianz SE
Florence Claret
Allianz Commercial (Paris)
Wendy Koh
Allianz Commercial (Singapore)
As with all content published on this site, these statements are subject to our cautionary note regarding forward-looking statements:

Further information

Nearly half of Americans expect slow transition into retirement

Americans’ view of retirement is shifting as nearly half of Americans think about retirement as a slow transition away from full-time work rather than a distinct day in the future to leave the workforce, according to the 2024 Annual Retirement Study from Allianz Life Insurance Company of North America (Allianz Life).

Allianz Trade & Inclusive Brains join forces to foster the inclusion of people with disabilities

Allianz Trade, the world’s leading trade credit insurer and Inclusive Brains, a French start-up developing a new generation of neural interfaces powered by generative Artificial Intelligence (AI), have partnered to develop Prometheus, a new kind of brain-machine interface that transforms diverse neurophysiological data (brainwaves, heart activity, facial expressions, eye-movements) into mental commands.

Survey Reveals Loss of Trust but High Expectations for US-German Partnership

“The State of Trust and the US-German Partnership: A Transatlantic Survey” conducted in March 2024 finds Americans and Germans are less confident in the partnership and its future than they were two years ago. Trade, common interests, and military alliance remain bedrocks of transatlantic partnership’s foundation.