Is cyber crime insurance feeding on itself?

Summary: A large increase in the number of cyber attacks over the past few years brought with it increased demand for cyber crime insurance, driving premiums higher. However with the vast majority of companies targeted by ransomware paying the demanded ransoms - ultimately paid by the insurance companies - the incentive to commit these crimes has increased, leading to a vicious circle.

Why this is important: With the COVID pandemic accelerating the digitalisation of the world, securing our data and digital assets becomes ever more crucial.

The big theme: The transition to a digital economy is an important sustainability theme both from the emergence of new vulnerabilities such as cyber crime and from shifting energy requirements and potential emissions issues. There are a number of ways in which corporates, the financial sector including insurance, and investors can help mitigate those vulnerabilities and support innovation to ensure that the digitalisation of our lives does not compromise other sustainability objectives.

Summary of a story from The Conversation

In the early stages of the COVID pandemic there was an enormous increase in the number of cyber-attacks, according to a study from the University of Leeds. Global cyber security firm Sophos found that almost double the proportion of firms in their survey across 31 countries were hit by ransomware in 2021 compared with 2020 with the average ransom paid increasing 5x to more than £700,000. A study by security firm Proofpoint found that 82% of UK organisations chose to pay the ransom demanded, i.e. insurance companies are paying out on the policies. They also found that only four percent of organisations that paid a ransom were subsequently unable to retrieve their data further driving the incentive to comply and criminals to persist with attacks.