How cyber threats grew from afterthought to top global concern

The threat of a cyber incident was a distant concern for companies around the world just seven years ago. It ranked 15th back then on a list of major business concerns, according to the annual Allianz Risk Barometer report. Today, it tops the list.

Why? The growth of digital dependence has exploded, with high-profile incidents capturing the attention of leaders big and small, explains Linda Regner Dykeman, chief agent of Canada for Allianz Global Corporate & Specialty. Cyber incidents took over the top spot from business interruption, which slipped to second this year after a seven-year run on top.

“Technology has rapidly changed over those seven years; seven years ago, we weren’t as connected,” Regner Dykeman tells Canadian Underwriter. “We didn’t have as much of a reliance on technology that we do today. Technology itself is evolving rapidly so, therefore, the concern then becomes greater. As technology evolves and we have a heavier reliance on that particular tool or way of doing business, the concern around that business risk increased along with it.”

Regner Dykeman remembers back to a time when data breaches weren’t on anyone’s radar. It wasn’t until 2015 when a group calling itself The Impact Team stole user data from Ashley Madison, a website that billed itself as enabling extramarital affairs, in a data breach that affected more than 30 million people in 40-plus countries. That’s when cyber incidents hit the mainstream.

Nowadays, people are shopping online more, so more data is being collected online. Companies are doing more of their business virtually as well. “You can’t do business without a computer system,” says Regner Dykeman. “As you automate more, use technology more, and gather more data, you’re connected with individuals; you do online business; people shop and buy from you online; and the cyber risk becomes greater. There’s more of an onus on companies that collect private information to keep, retain, and protect that information.”

It’s always a challenge to keep up with cybercriminals, who are always one step ahead, Regner Dykeman adds. “They know what we’re doing and find ways to crack [our security codes] and get the data they need to commit crimes. These incidents are becoming more frequent. Businesses are looking at it and saying, ‘Well if Desjardins, Capital One, and Marriott can be compromised, certainly I can be.’”

Ransomware demands have also escalated, she points out. Years ago, cybercriminals may have been happy with a five-figure payoff; now, that number has climbed to hundreds of thousands – if not millions – of dollars. Insuring such a risk has become necessary.

“The cost of cyber breaches has also escalated, and they’re going to continue to increase as regulation widens in scope,” Regner Dykeman predicts. “Class actions are becoming more common; they have an impact on the cost of dealing with the breach. Cost of the incident escalates further with the business interruption they cause.

“If a cybercriminal shuts you down, now you’re shut down for days, weeks, months. You’ve got a huge business interruption exposure – you can’t do business. You can’t sell your product; potentially, you can’t receive component parts from other countries. If someone shuts you down, you’re unable to order the parts you need to manufacture your product or do business globally as well.”