International trend in cyber criminality
A glance across the pond with AXA XL
The prediction that companies are affected by cyber attacks worldwide every 14 seconds was made in 2017. However, the actual intervals were a lot shorter in October 2019. Cyber criminals attempt to gain access to a company’s systems every ten seconds.
If 2019 has proven something, it’s that hackers are becoming a lot more cunning with their methods and their targets. The losses caused by cyber criminality amounted to 2 billion dollars in 2019. Losses of over 5 billion dollars are expected by 2024.
This amount could rise even further, especially as cyber criminals often change their methods of attack. It’s becoming a race against time for companies trying to stay one step ahead of the hackers; a vulnerability must be eliminated while another is already evolving.
However, the most common method used by hackers to gain access is still a well-known one. Phishing through emails or social media actually continues to be at the top of the list. Phishing attacks increased by 65% last year (2018-2019) alone.
However, the knowledge of how hackers get in – and what they target – provides valuable input when it comes to introducing preventative measures.
Let’s analyse the three main trends in cyber criminality which dominated 2019.
1. Ransomware (ransom demand)
The volume and frequency of ransom demands increased in 2019, which indicates that this is the preferred method of attack for many cyber criminals. The reason is that these attacks are easy for hackers to carry out and have a high success rate. They access the system, lock out users and demand a ransom. It’s that easy!
By all accounts, ransomware is expected to continue to grow exponentially as the preferred method used by cyber criminals. The main causes of ransomware (ransom demands) so far have been negligent employees (51%), ineffective virus protection (45%) and outdated or unpatched software or security precautions (26%). Fortunately, these causes can be tackled effectively by most companies:
2. Focus on public institutions
The numerous high-profile cyber attacks on government institutions help to raise awareness. In May 2019, the city of Baltimore was affected by a ransomware attack for the second time in just 14 months. The attack cost the city over 18 million dollars. The original ransom demand, which the city did not want to pay, amounted to 76,000 dollars.
In order to prevent attacks, public institutions that only have low budgets or no budgets at all for cyber security could still use some of the aforementioned preventative strategies – training employees in how to respond correctly and report attacks, updating systems and applications on a regular basis and ensuring that their virus protection is up-to-date.
3. Biometric data
Facial recognition, scanning of fingerprints, retinal scans: current identification instruments are also a hotbed of exposure to hackers and opposing parties. A logistics company that offers business and administration services for the elderly throughout the USA recently violated the Biometric Information Privacy Act (“BIPA”). The company uses a biometric time recording system that requires employees to use their fingerprints as a means of authentication instead of key fobs or identity cards. The employees must scan their fingerprint to be entered in the database. The plaintiff claimed as part of a class action that the company did not observe the BIPA in terms of recording and using fingerprints. However, in this case, an early settlement was reached and the total costs of defence plus the settlement amounted to approximately 600,000 dollars.
Companies should work transparently whenever biometric data is recorded and/or stored. Clear disclosure of the practice and obtaining written approval protect both the company and the owner of the biometric data. Companies should also state how the data is used and stored during a disclosure and consent process.
Keeping hackers at bay
Cyber risks are constantly developing in terms of volume and form. The cyber liabilities are being restructured, from ransom attacks to biometric exposures.
Regardless of whether they are ransom threats or risks caused by the use of biometrics, your company should check systems and guidelines to ensure that system availability and compliance with data protection laws are sufficient. You should also know how your company will respond and what responsibility you assume in the event of a violation or a breach of data protection requirements. AXA XL offers the best possible insurance solutions for these risks for medium-sized to large multinational companies worldwide.
Mag. Verena Schmidt
Underwriter Austria & Central Eastern Europe
International Financial Lines
AXA XL, a division of AXA
T +43 1 50 60 2109
verena.schmidt@axaxl.com
Dennis Bertram
Underwriter Cyber and
International Financial Lines
AXA XL, a division of AXA
T +49 221 16 887 122
dennis.bertram@axaxl.com
www.axaxl.com
The article is written by Stephan Eberlain and Günter Hubmann.

Anita Molitor
Operation Executive
T +43 664 962 40 08

Günter Hubmann
Deputy Competence Center
Manager Liability
T +43 5 0404 219