Munich Re has warned that future cyberattacks will be accelerated by key technology trends such as artificial intelligence (AI), the “metaverse,” and expanding IT, Internet of Things (IoT), and operational technology (OT) worlds.
While these technologies offer great opportunities for society, businesses, and governments, they also create new attack surfaces, vulnerabilities, and systemic risks, the reinsurer noted in its report called “Cyber insurance: Risks and trends 2023.”
Additionally, the human factor remains a significant challenge in cybersecurity, making phishing, social engineering, and business email compromise (BEC) likely to remain successful attack vectors.
Organisations worldwide face greater exposure than ever to geopolitical conflicts, which are already having an unprecedented impact on cybersecurity.
Munich Re’s Global Cyber Risk and Insurance Survey 2022, as well as the Cyber Threat Outlook 2022, have shown that awareness, understanding, and preparation are vital in this context.
Ransomware and supply chain attacks dominated the cyber risk space over the past 12 months, the reinsurer noted.
Munich Re has warned that geopolitical risks, including the Russian invasion of Ukraine and global powers vying for position, will be a key driver of cyber insecurity, making a catastrophic cyber event more likely.
Critical infrastructure, intellectual property, and governmental elections in around 70 countries in 2023 are among the potential targets of nation-state threat actors, who may increasingly dedicate resources to cyber research and development.
The situation becomes particularly concerning if commercial cybercriminals adopt nation-state tactics, techniques, and procedures, resulting in an unprecedented threat to societies and governments. The use of AI, machine learning, deep fakes, chatbots, social media, and other digital channels will likely increase the sophistication and scope of disinformation and destabilisation efforts.
Ransomware will remain the primary threat to businesses and individuals, with alarming trends emerging, such as data destruction instead of encryption, data theft as a form of extortion, and increased attacks on cloud infrastructure.
The Munich Re Data Analytics Team found that from 2020 to 2023, ransomware was the leading cause of cyber insurance losses. The financial impact was heaviest on the finance industry, despite business and professional services having the highest number of overall claims.
Cybercriminals’ specialist expertise and the ongoing sophistication of reconnaissance-as-a-service will enable more precise attacks. According to Cybersecurity Ventures, ransomware will cost victims around US$ 265 billion annually by 2031.
Munich Re predicts that supply chain attacks will remain a significant threat due to the rise of critical bottlenecks and systemic risk targets. Transparency and cybersecurity investment will be crucial in mitigating these risks.
Data breaches and liability, particularly in relation to biometric data and privacy violations, will also be a key trend in 2023. The world of connected devices will become increasingly vulnerable, with cyber-physical systems at risk of attacks that could cost over $50 billion by 2023.
Munich Re aims to support insureds in building resilience and driving innovation in the cyber insurance market.
“Cyber insurance is coming of age, yet remains challenging. As we continue the path to ever more mature markets and products, expertise and reliability must be at the core of this fascinating line of business. Better exposure data, wording topics, cybersecurity trends and lessons learnt from previous losses are priorities for the entire industry. A thorough understanding of the risks provides the foundation for what our insureds need most: sustainable insurability and sufficient capacity,” Jürgen Reinhart Munich Re’s Chief Underwriter Cyber said.
