Report | October 2021

Cyber intrusion activity globally jumped 125% in the first half of 2021 compared with the previous year, according to Accenture [1], with ransomware and extortion operations top two contributors behind this triple‑digit increase. There is little evidence that ransomware attacks show any sign of letting up. Weak cyber security, challenging conditions for law enforcement and cryptocurrencies are creating fertile ground for criminals, who continue to find lucrative rewards with little risk of prosecution.

The frequency and severity of attacks has escalated in the past two years. According to the Federal Bureau of Investigation (FBI) [2] there was a 62% increase in ransomware incidents through the first six months of 2021 in the US, which followed a 20% increase in the number of incidents for the whole of 2020 and a 225% increase in ransom demands. Globally, across 2021 ransomware attacks are estimated to cost businesses around $20bn, according to Cybersecurity Ventures [3], a total predicted to reach $265bn by 2031.

Ransomware has become a real menace for businesses across all sectors. And with no easy remedy in sight, the onus is on individual companies to invest in cyber security and make life harder for gangs. Those companies that take steps to prevent attacks and mitigate the impact will be far less likely to fall victim to ransomware.

“The number of ransomware attacks may even increase before the situation gets better. As insurers we have to continue to work with our clients using a combination of policy and service improvements to help businesses understand the need to strengthen their controls,” says Scott Sayce, Global Head of Cyber at AGCS and the Global Head of the Cyber Center of Competence for AGCS and the Allianz Group.

“Not all ransomware attacks are targeted. Criminals also deploy wild scattergun approaches to exploit those businesses that aren’t addressing or understanding the vulnerabilities they may have. In today’s rapidly evolving market for cyber insurance coverage, providing the emergency response services, as well as financial compensation, in the wake of the numerous different types of cyber-attacks is now the standard. The cyber insurance market is providing the ‘digital SWAT team’ in addition to the covered financial losses.”

Cyber extortion, and ransomware in particular, has become big business. Attacks have increased as criminals have become more organized, refining their tactics and business models. The development of ‘ransomware as a service’ (RaaS), for example, has made it easier for criminals to carry out attacks. Run like a commercial business, RaaS groups like REvil and Darkside sell or rent their hacking tools to those who carry out the attacks and extort victims. They also provide a range of support services, including helplines and ransomware negotiation services.

RaaS has lowered the barriers to entry and enabled criminals to scale up their efforts and ramp up their attacks. Even those with little technical knowledge can launch ransomware attacks using RaaS. From as little as a $40 per month subscription, successful attacks can yield many thousands of dollars from ransomware payments. REvil, may have collected close to $100mn in ransom payments in just the first six months of 2021, according to estimates [4].

Ransomware gangs are fundamentally driven by commercial motivations, such as efficiency and profitability, explains Michael Daum, Senior Cyber Underwriter at AGCS: “Ransomware is run like a business. All the trends we see, such as the significant increase in the number of groups deploying ‘double extortion’ attacks, the surge in supply chain incidents (and even the emergence of ‘triple extortion’) are all just ways in which criminals are seeking to increase their return on investment and their efficiency, optimizing their attacks in order to get the best outcome.”

The combination of high rewards and low risk for cyber criminals means that ransomware is here to stay, at least for the foreseeable future, according to Marek Stanislawski, Global Cyber Underwriting Lead at AGCS.

“The knowledge threshold to carry out attacks is relatively low and ransomware tools are more easily accessible. Together with cryptocurrencies and the relative ease with which gangs can avoid detection and prosecution, ransomware is an area where criminals can easily thrive.”

Our increasing reliance on digitalization, the surge in remote working following Covid‑19, and IT budget constraints are just some of the reasons why IT vulnerabilities have intensified and there are now countless numbers of access points for criminals to exploit. Initial attacks are typically automated, with many cyber gangs previously limited by the human capacity required to follow up on attacks. However, that capacity has been increasing as gangs have invested in additional resources, Stanislawski notes.

“Now, there are many more malicious threat actors on the scene, while criminals are using ever more aggressive tactics to extort money,” says Stanislawski. “This has helped drive up the frequency and severity of ransomware attacks and claims in recent years.”

Losses resulting from external incidents, such as Distributed Denial of Service (DDoS) attacks and ransomware campaigns, account for the majority of the value of cyber claims (81%) analyzed by AGCS over the past six years. There has been an increase in ransomware incidents over the past two years in particular, with the number of claims rising by 50% year‑on‑year in 2020 (90). The total of ransomware claims received in the first half of 2021 is already the same as reported during the whole of 2019 (60), although this still represents a relatively small proportion of claims overall.

[1] Accenture, Global Cyber Intrusion Activity More than Doubled in First Half of 2021, According to Accenture’s Cyber Incident Response Update, August 4, 2021
[2] FBI, Ransomware Awareness for Holidays and Weekends, August 31, 2021
[3] Cybersecurity Ventures, Global Ransomware Damage Costs Predicted To Exceed $265 Billion By 2031, June 3, 2021
[4] Coveware, Q2 Ransom Payment Amounts Decline as Ransomware becomes a National Security Priority, July 23, 2021
(AGCS only started offering cyber insurance in 2013, so claims experience is limited. Total refers to all cyber-related claims, not just ransomware incidents.)
Source: Allianz Global Corporate & Specialty

Based on the analysis of 2,916 claims worth €751mn (US$885mn) reported from 2015 until June 30 2021. Total refers to all cyber-related claims, not just ransomware incidents. Total value also includes the share of other insurers involved in the claim in addition to AGCS.

Source: Allianz Global Corporate & Specialty

The ransomware pandemic of the past few years has triggered a major shift in the cyber insurance marketplace, as carriers and insureds endeavor to mitigate the rising frequency and severity of attacks and resulting cyber insurance claims. Cyber insurance rates have been rising (according to broker Marsh [5], US rates rose by over 50% in the second quarter of 2021 alone) while capacity has tightened. Underwriters are placing increasing scrutiny on the cyber security controls that are employed by organizations and pricing risks accordingly.

The role of insurance has always been to encourage good risk management and loss prevention, one that can trace its roots back hundreds of years to protecting the first factories and steam boilers. Although ransomware is still an evolving risk, insurers have been working with companies to identify the best practices and standards that can improve their security postures.

Insurers have established certain cyber underwriting criteria that helps to determine their risk appetite. “Therefore, we are able to clearly communicate our cyber risk management and security expectations. If a commercial customer can fulfil the criteria they will be in a better position when it comes to a ransomware attack and to secure insurance,” says Rishi Baviskar, Global Cyber Experts Leader, Risk Consulting, AGCS.

Three out of four companies do not meet AGCS’ requirements for cyber security. However, many customers have been working with AGCS to meet the criteria and reduce their exposure.

“This approach should encourage companies to invest in cyber security and provide Chief Information Security Officers with ammunition in discussions with their boards,” says Baviskar.

[5] Marsh, Global Insurance Market Index - 2021 Q2
AGCS has published a  checklist with recommendations for effective cyber risk management. “In around 80% of ransomware incidents losses could have been avoided if the organizations had followed best practices. Regular patching, multi-factor authentication, as well as information security and awareness training and incident response planning are essential to avoiding ransomware attacks and also constitute good cyber hygiene,” says Rishi Baviskar, Global Cyber Experts Leader at AGCS Risk Consulting. “If companies adhere to best practice recommendations there is a good chance that they will not become ransomware victims. Numerous security gaps can be closed, often with simple measures.”

What are the latest cyber risk trends and how can companies react correctly in the event of an attack?

On December 06, 2021, AGCS and Allianz Technology experts hosted a one-hour webinar session, examining trends and developments in cyber space, risk challenges and simple measures to prevent an attack, with live Q&A.


Shanil Williams
Global Head of Financial Lines, AGCS

Scott Sayce
Global Head of Cyber, AGCS

Robin Kroha
Head of Cyber Crisis Management, Allianz Technology

Keep up to date on all news and insights from AGCS
The Allianz Group offers a wide range of products, services, and solutions in insurance and asset management and operates as an international insurer on almost every continent.
With our worldwide network, Allianz Global Corporate & Specialty (AGCS) is one of the very few global insurers with an exclusive focus on the needs of global corporate and specialty clients.