Cyber trends to watch in 2022
Cyber intrusion activity globally jumped 125% in the first half of 2021 compared with the previous year, according to , with ransomware and extortion operations top two contributors behind this triple‑digit increase. There is little evidence that ransomware attacks show any sign of letting up. Weak cyber security, challenging conditions for law enforcement and cryptocurrencies are creating fertile ground for criminals, who continue to find lucrative rewards with little risk of prosecution.
The frequency and severity of attacks has escalated in the past two years. According to the  there was a 62% increase in ransomware incidents through the first six months of 2021 in the US, which followed a 20% increase in the number of incidents for the whole of 2020 and a 225% increase in ransom demands. Globally, across 2021 ransomware attacks are estimated to cost businesses around $20bn, according to , a total predicted to reach $265bn by 2031.
Ransomware has become a real menace for businesses across all sectors. And with no easy remedy in sight, the onus is on individual companies to invest in cyber security and make life harder for gangs. Those companies that take steps to prevent attacks and mitigate the impact will be far less likely to fall victim to ransomware.
“The number of ransomware attacks may even increase before the situation gets better. As insurers we have to continue to work with our clients using a combination of policy and service improvements to help businesses understand the need to strengthen their controls,” says Scott Sayce, Global Head of Cyber at AGCS and the Global Head of the Cyber Center of Competence for AGCS and the Allianz Group.
From $40 a month subscription – ransomware as a business
Cyber extortion, and ransomware in particular, has become big business. Attacks have increased as criminals have become more organized, refining their tactics and business models. The development of ‘ransomware as a service’ (RaaS), for example, has made it easier for criminals to carry out attacks. Run like a commercial business, RaaS groups like REvil and Darkside sell or rent their hacking tools to those who carry out the attacks and extort victims. They also provide a range of support services, including helplines and ransomware negotiation services.
RaaS has lowered the barriers to entry and enabled criminals to scale up their efforts and ramp up their attacks. Even those with little technical knowledge can launch ransomware attacks using RaaS. From as little as a $40 per month subscription, successful attacks can yield many thousands of dollars from ransomware payments. REvil, may have collected close to $100mn in ransom payments in just the first six months of 2021, according to .
More threat actors, more attacks, more claims
The combination of high rewards and low risk for cyber criminals means that ransomware is here to stay, at least for the foreseeable future, according to Marek Stanislawski, Global Cyber Underwriting Lead at AGCS.
“The knowledge threshold to carry out attacks is relatively low and ransomware tools are more easily accessible. Together with cryptocurrencies and the relative ease with which gangs can avoid detection and prosecution, ransomware is an area where criminals can easily thrive.”
Our increasing reliance on digitalization, the surge in remote working following Covid‑19, and IT budget constraints are just some of the reasons why IT vulnerabilities have intensified and there are now countless numbers of access points for criminals to exploit. Initial attacks are typically automated, with many cyber gangs previously limited by the human capacity required to follow up on attacks. However, that capacity has been increasing as gangs have invested in additional resources, Stanislawski notes.
“Now, there are many more malicious threat actors on the scene, while criminals are using ever more aggressive tactics to extort money,” says Stanislawski. “This has helped drive up the frequency and severity of ransomware attacks and claims in recent years.”
Losses resulting from external incidents, such as Distributed Denial of Service (DDoS) attacks and ransomware campaigns, account for the majority of the value of cyber claims (81%) analyzed by AGCS over the past six years. There has been an increase in ransomware incidents over the past two years in particular, with the number of claims rising by 50% year‑on‑year in 2020 (90). The total of ransomware claims received in the first half of 2021 is already the same as reported during the whole of 2019 (60), although this still represents a relatively small proportion of claims overall.
 FBI, Ransomware Awareness for Holidays and Weekends, August 31, 2021
 Cybersecurity Ventures, Global Ransomware Damage Costs Predicted To Exceed $265 Billion By 2031, June 3, 2021
 Coveware, Q2 Ransom Payment Amounts Decline as Ransomware becomes a National Security Priority, July 23, 2021
Ransomware trends: Risks and Resilience
A steady increase in cyber claims
Number of cyber-related claims
Cause of loss by value of claims
Based on the analysis of 2,916 claims worth €751mn (US$885mn) reported from 2015 until June 30 2021. Total refers to all cyber-related claims, not just ransomware incidents. Total value also includes the share of other insurers involved in the claim in addition to AGCS.
Source: Allianz Global Corporate & Specialty
Change is afoot in the insurance market
The ransomware pandemic of the past few years has triggered a major shift in the cyber insurance marketplace, as carriers and insureds endeavor to mitigate the rising frequency and severity of attacks and resulting cyber insurance claims. Cyber insurance rates have been rising (according to broker , US rates rose by over 50% in the second quarter of 2021 alone) while capacity has tightened. Underwriters are placing increasing scrutiny on the cyber security controls that are employed by organizations and pricing risks accordingly.
The role of insurance has always been to encourage good risk management and loss prevention, one that can trace its roots back hundreds of years to protecting the first factories and steam boilers. Although ransomware is still an evolving risk, insurers have been working with companies to identify the best practices and standards that can improve their security postures.
Insurers have established certain cyber underwriting criteria that helps to determine their risk appetite. “Therefore, we are able to clearly communicate our cyber risk management and security expectations. If a commercial customer can fulfil the criteria they will be in a better position when it comes to a ransomware attack and to secure insurance,” says Rishi Baviskar, Global Cyber Experts Leader, Risk Consulting, AGCS.
Three out of four companies do not meet AGCS’ requirements for cyber security. However, many customers have been working with AGCS to meet the criteria and reduce their exposure.
“This approach should encourage companies to invest in cyber security and provide Chief Information Security Officers with ammunition in discussions with their boards,” says Baviskar.
Ransomware protection - what does good IT security look like?
Watch now the replay of our webinar
"Cyber trends to watch in 2022"
What are the latest cyber risk trends and how can companies react correctly in the event of an attack?
On December 06, 2021, AGCS and Allianz Technology experts hosted a one-hour webinar session, examining trends and developments in cyber space, risk challenges and simple measures to prevent an attack, with live Q&A.
Global Head of Financial Lines, AGCS
Global Head of Cyber, AGCS
Head of Cyber Crisis Management, Allianz Technology
Discuss with us on social media
Keep up to date on all news and insights from AGCS