Digital developments that have increased their efficiency with technological enhancements also bring some problems. One of the major problems caused by technology is cyber-risks which threat both individuals and companies. Insurance market cannot remain indifferent to such threats, and therefore focuses on solutions with products providing insurance against cyber-risks.
As there are limited number of people in companies who can detect cyber-threats, companies that are specialized in such threats come into picture. Technology companies that specialize in cyber-threats offer solutions for cyber-risks incurred by individuals and corporations.
Research shows that cyber-risks impose a threat for the insurance market
Naturally, the responsibility to provide insurance for such threats falls on the shoulders of the insurance market. According to a research conducted by KMPG with Harvey Nash, cyber-attacks have increased by 45 percent all over the world, compared to 2013. According to the same research, the biggest jump in threats comes from insider attacks, increasing from 40 percent to 47 percent over last year. Kaspersky Lab’s ICS report suggests that ineffective cybersecurity costs industrial organizations up to 497 thousand USD per year. Such a huge potential for financial and operational loss proves the necessity of owning cyber-risk insurance for industrial organizations. Cyber risk insurance is rapidly becoming one of the new global trends for corporate risk management.
According to the 2017 Global Risk Report by Zurich Group, biggest risks for 2017 are terrorism, cyber-attacks, natural catastrophes, immigration, regional conflicts and climate changes. A statement by Comodo EMEA Region claims that Turkey is among the top 5 countries in terms of cyber-attack frequency.
Turkey is exposed to highest number of ransomware attacks in Europe
Another research by Trend Micro suggest that the number of ransomware attacks increased by 172 percent on a global scale. According to the 2016 Cyber-Threat Status Report by Türkiye Savunma Teknolojileri Mühendislik, Turkey received highest number of ransomware attacks during 2016 among European countries; and was listed 3rd on global scale, following USA and Brazil. This result clearly shows the criticality of the situation. Another threat we are facing is the online banking attacks, considering that we are again the number one country in Europe in terms of attack frequency.
Cyber security research which was conducted with the participation of 250 companies in Turkey indicates that the number of cyber-attacks increased during the last five-year period; therefore increasing the number of threats on the integrity of Turkish economy. The report states that 47 percent of commercial organizations agree on the fact that the cyber-attacks they face have been increasing since 2011.
Three out of every four companies in Turkey already have a cyber-security policy in place. 43 percent of those companies review and/or revise their cyber-security policies on a daily, weekly and monthly basis. 23 percent of companies in Turkey do not determine a budget for cyber-security expenses; whereas 50 percent of companies allocate from 11 to 30 percent of their total IT budget for cyber-security. 10 percent of companies in Turkey state that they spend more than 31 percent of their IT budget for cyber security.
According to the “Emerging Risks Barometer” by ACE Group, 52 percent of research participants define cyber-risks as the biggest risks that have the potential of imposing financial risks on companies.
Turkey needs to put a bigger fight
Cyber-risks have become a common problem for all sectors, and Turkey needs to put a bigger fight. Chubb states that technologies used by every company in Turkey (big or small) faces significant risks due to data security breaches, considering that Turkey is a country receiving the highest number of cyber-attacks in Europe, and ranks 3rd on global scale after USA and Brazil. Insurance companies set off from the fact that companies need to protect themselves from cyber-risks that threaten their devices and infrastructures, as well as the data security of their clients and different companies they work with. Another research by Fortinet reveals that Turkey ranks fifth in the world in terms of botnet, exploit kit and ransomware threats.
Awareness should be raised for cyber risks
Despite having increased as a result of recent events, awareness of cyber-threats in Turkey still remains inefficient. Insurance market has a big role to play in increasing this awareness. Need for insurance increases on a daily basis to provide cyber-security in the business world.
Awareness of cyber-threats is the highest in USA, compared to the rest of the world. In Europe however, awareness has still not reached the necessary levels. According to a report by FireEye; Germany receives the highest number of attacks in Europe with 19 percent, followed by Belgium with 16 percent, and Britain and Spain with 12 percent.
Companies in USA are known to spend 2.5 billion USD on an annual basis. In Europe, this figure is around 150 million USD. It is evident that premium volume of cyber-risk insurance will grow exponentially in parallel with the increase of cyber-crimes.
Insurance market continues to work for cyber-risks
Cyber-attacks can hurt companies very severely with financial losses, loss of reputation, or exposure to lawsuits. Attacks interrupting business, issues such as data loss and data theft will become even more important for risk managers and policyholders in the future. Other cyber-threats include damages to products, loss of information, breach of manufacturing process and even temporary halt of production, malware attacks, and apprehension of users’ credentials.
Experts anticipate that prominent cyber-threats in the near future will be DDoS attacks stemming from multiple IoT platforms, ransomware attacks, attacks on mobile devices, attacks on energy distribution systems, attacks towards penetration into internal correspondence and processes of companies, and data theft from closed systems.
Insurance market continues to insure cyber-risks with new and diversified product alternatives. Analysis and solution services provided by the market differ in parallel with the recent developments.