Cyber extortion is on the rise

Personal data from all 3.9 million customers, plus extensive information from medical records – a cyber attack on the Australian health insurer Medibank will cost the company dearly. The country’s largest private health insurer expects costs of at least 25 million Australian dollars (16 million euros), for example for offers of help for its customers. This does not even include costs for claims for damages and legal disputes. The insurer had to withdraw its outlook for the current financial year.

A silver lining: the attack was not a ransomware attack in which cybercriminals encrypt data or systems, the company said. Normal business activities can therefore continue. The insurer still has to bear the costs itself; by its own account, it has not taken out any cyber insurance.

Criminals demand ransom for encrypted data

Cybercriminals are increasingly attacking companies with ransomware: they encrypt data on other people’s computers and demand a ransom to release it. There were 623 million such ransomware attacks last year, twice as many as in 2020, according to a recent report by Allianz subsidiary Allianz Global Corporate & Specialty (AGCS).

The attacks on their systems are harming companies more than before. “The cost of ransomware attacks has increased as criminals have targeted larger enterprises, critical infrastructure and supply chains,” said Scott Sayce, Global Head of Cyber at AGCS and Group Head of Allianz’s Cyber Center of Competence. According to AGCS, claims from ransomware attacks accounted for more than half of all cyber insurance claims that AGCS had insured jointly with other companies in the past two years.

Last year, companies that had taken out a cyber policy with AGCS reported more than a thousand cyber insurance claims. In 2020 there were 1114 cases, in 2019 849. According to the report, claims activity has stabilized this year. The fluctuations within a year in cyber claims are striking: in 2021, AGCS registered almost 60 percent of claims in the fourth quarter.

Criminals no longer just encrypt data. They now use tactics that subject the affected companies to double or even triple extortion. During their attacks, they steal sensitive data, for which they demand even more ransom. According to the cyber report, if the attackers steal data relating to business partners or customers, they also make demands against them.

The blackmailers research the finances of the companies in advance

The number of double-extortion ransomware attacks increased sixfold in 2021. In the first half of the year, the damage increased to 590 million dollars (594 million euros). Marek Stanislawski, Global Cyber Underwriting Lead at AGCS, says: “Ransom demands are now bespoke. Groups are investing resources to determine the ‘right’ amount.” So they research a company’s finances first before making any demands.

In addition, according to the report, small and medium-sized companies are increasingly being targeted by blackmailers. While large companies are beefing up their cyber security, smaller ones lack the financial resources.

Many companies consider cyber incidents to be one of the most significant business risks. The insurers are also worried about this line of business, in which the companies are deep in the red. According to the insurance association GDV, the loss and expense ratio was just under 124 percent last year. This means that the insurers had to spend EUR 1.24 on damages and costs for every EUR 1 in premiums collected.

By no means every company that wants to buy insurance gets it

The insurers have therefore increased the prices drastically. At AGCS, too, they have increased by around 40 percent. The provider currently sees no relaxation in the market. In addition, the insurers take a close look at the cyber security of the companies before signing the contract. By no means every company that wants to buy a policy gets one. Many companies are now considered uninsurable. The Allianz subsidiary rejects around three quarters of all inquiries in Germany.

The insurer identified other trends in the report. In the so-called Business Email Compromise (BEC), scammers use phishing emails or social engineering to steal data or make unauthorized transfers. The perpetrators are increasingly using artificial intelligence to attack. They use fake video and audio recordings impersonating executives to trick employees into transferring money to their accounts.

The cybersecurity sector is also plagued by a shortage of skilled workers. According to the report, there are almost 3.5 million vacancies in corporate IT security worldwide. A cyber attack does not always have to end as expensively as it did for the Australian insurer Medibank. The Swiss insurer Baloise got off lightly in a hacker attack in April of this year. Some affected IT systems had to be isolated, but this only led to short-term failures in sales.

Nevertheless, the cyber incident is still having an impact today: the company’s data is still being offered on the dark web. “These are about a dozen copies of the passports of employees who took part in a business trip,” said a spokesman. The employees concerned and the data protection authority were informed immediately.
