Category Archives: Technology

Tech Gains Traction
in Fight Against Insurance Fraud

By Max Dorfman, Research Writer, Triple-I

Insurance fraud costs the U.S. $308.6 billion a year, according to recent research by the Coalition Against Insurance Fraud (CAIF).  And, while staffing within insurers’ Special Investigation Units (SIU) is a pain point, CAIF found that use of anti-fraud technology is on the rise.

CAIF notes that hardest-hit insurance lines are:

  • Life insurance, at $74.7 billion annually;
  • Medicare and Medicaid, at $68.7 billion; and
  • Property and casualty, $45 billion.

“There is a huge and monumental impact that insurance fraud causes to American citizens, American families, and to our economy every single year,” said Matthew Smith, the coalition’s executive director.

Another recent CAIF study looked at SIUs and insurers’ response to fraud. The study found that SIU staff grew at 1.4 percent from 2021 to 2022, slower than the 2.5 percent growth rates from two previous studies addressing this issue. Staffing and talent are among the top concerns of anti-fraud leaders CAIF surveyed.

However, an additional CAIF study found that anti-fraud technology is increasingly being used—a positive sign in the fight against these crimes. Among the key findings of that report is that 80 percent of respondents use predictive modeling to detect fraud, up from 55 percent in 2018.

Insurance fraud is not a victimless crime. According to the FBI, the average American family spends an extra $400 to $700 on premiums every year because of fraud. Most of these costs are derived from common frauds, including inflating actual claims; misrepresenting facts on an insurance application; submitting claims for injuries or damage that never occurred; and staging accidents.

To further combat insurance fraud, there are ways to file complaints, including contacting your state’s fraud bureau; contacting your insurer to see if a fraud system is in place; using the National Insurance Crime Bureau (NICB) “Report Fraud” button; and reporting it to a local FBI branch.

“Insurance fraud is the crime we all pay for,” CAIF’s Smith added. “Ultimately, it’s American policyholders and consumers that pay the high cost of insurance fraud.”

Learn More:

Fraud, Litigation Push Florida Insurance Market to Brink of Collapse

Study: Insurers Suspect Rise in Fraudulent Claims Since Start of Pandemic

The Battle Against Deepfake Threats

Piracy Incidents Decline, But Horizon Isn’t Clear

Maritime piracy in the first half of 2022 is at its lowest level since 1994, the International Maritime Bureau (IMB) says, with 58 incidents, down from 68 for the same period last year. Nevertheless, the organization cautions against complacency.

For the full year 2020, IMB listed 195 actual and attempted attacks, up from 162 in 2019. The COVID-19 pandemic may have played a role in that rise in pirate activity – as it is tied to underlying social, political, and economic problems – and 2022 may represent the start of a return of a downward trend.

Source: International Chamber of Commerce/International Maritime Bureau (IMB)

Many people outside the maritime and insurance industries don’t realize that piracy remains a costly peril in the 21st century. Global insurer Zurich estimates the annual cost of piracy to the global economy at $12 billion a year.  In its 2022 Safety and Shipping Review, global insurer Allianz reports that piracy comes behind machinery damage or failure, collision, and contact, in terms of number of loss-causing incidents globally – and that total losses have fallen 57 percent over the past decade.

However, the shipping industry is vulnerable to disruptions and, as Allianz points out, has been affected on multiple fronts by Russia’s invasion of Ukraine: from loss of life and vessels in the Black Sea and disrupted trade to challenges to day-to-day operations that affect crews, cost and availability of fuel, and the growing for cyber risk.

“To date, the biggest impact has been on vessels operating in the Black Sea and/or trading with Russia,” Allianz says. “At the start of the conflict, approximately 2,000 seafarers were stranded aboard vessels in Ukranian ports. Trapped crews faced the constant threat of attacks, with little access to food or medical supplies, and a number have been killed.”

According to a recent industry survey, Allianz says, 44 percent of maritime professionals reported that their organization has been the subject of a cyber-attack in the last three years. Accumulations of cargo exposures at mega ports have been rising – and, with ports increasingly reliant on technology, an outage or cyber-attack could effectively close a port.

In February 2022, India’s busiest container port was hit by a ransomware attack, following incidents at U.S. and South African ports in recent years.

A third of organizations surveyed by Allianz said they don’t conduct regular cyber security training or have a cyber-response plan.

Cellphone Bans Cut Crashes; Telematics
Can Help Reduce
Distracted Driving

Max Dorfman, Research Writer, Triple-I

State prohibitions on cellphone use while driving correlate with reduced crash rates, according to recent research by the Insurance Institute for High Safety (IIHS). However, overall results were mixed among the states studied, with different legal language, degrees of enforcement, and penalty severity, providing possible explanations for the differing outcomes.

The study observed crash rate changes in California, Oregon, and Washington after legislation to prevent cellphone calls and texting while driving was enacted in 2017, with the research looking at overall numbers from 2015 to 2019. These numbers were compared to control states Idaho and Colorado.

Notably, the study found:

  • A 7.6 percent reduction in the rate of monthly rear-end crashes of all severities relative to the rates in the control states;
  • Law changes in Oregon and Washington were associated with significant reductions of 8.8 percent and 10.9 percent, respectively;
  • California did not experience changes in rear-end crash rates of all severities or with injuries associated with the strengthened law.

Still, state governments face several hurdles in their efforts to prevent crashes caused by cellphone use.

“Technology is moving much faster than the laws,” said Ian Reagan, a senior research scientist at IIHS. “Our findings suggest that other states could benefit from adopting broader laws against cellphone use while driving, but more research is needed to determine the combination of wording and penalties that is most effective.”

Distracted driving remains a major issue

Distracted driving remains a significant problem on roads nationwide. Indeed, distracted driving increased more than 30 percent from February 2020 to February 2022, due largely to changes in driving patterns spurred by the coronavirus pandemic, according to research by telematics service provider Cambridge Mobile Telematics.

The Governors Highway Safety Association (GHSA) reported that more than 3,100 people died in distraction-related accidents in 2020, with an estimated 400,000 people injured each year in such crashes. The true numbers, according to the study, are likely higher due to underreporting. The report also found that cell dial, cell text, and cell-browse were among the most prevalent and highest-risk behaviors.

Telematics can help

Telematics, which uses mobile technology to track driver behavior and provide financial incentives to drive less and often and more carefully, can help reduce dangerous driving. The more consumers positively react to the incentive, the less they pay for their insurance.

Research from the Insurance Research Council – like Triple-I, a nonprofit affiliate of The Institutes, focused on this exact issue, studying public perception and use of telematics. The study found that 45 percent of drivers surveyed said they made significant safety-related changes in the way they drove after participating in a telematics program. Another 35 percent said they made small changes in the way they drive.

During the pandemic, insurance consumers’ comfort with the idea of letting their driving be monitored in exchange for a better premium appeared to improve. In May 2019, mobility data and analytics firm Arity surveyed 875 licensed drivers over the age of 18 to find out how comfortable they would be having their premiums adjusted based on telematics variables. Between 30 and 40 percent said they would be either very or extremely comfortable sharing this data. In May 2020, they ran the survey again with more than 1,000 licensed drivers.

“This time,” Arity said, “about 50 percent of drivers were comfortable with having their insurance priced based on the number of miles they drive, where they drive, and what time of day they drive, as well as distracted driving and speeding.”

Complex Risks in a Complicated World:
Are Federal Government “Backstops” The Answer?

Two U.S. agencies have agreed to explore the potential need for a federal mechanism – analogous to the one put into place for terrorism insurance after the 9/11 attacks – to address the growing cybersecurity threat to critical infrastructure. The perceived need to do so speaks to the growing complexity and interrelatedness of this and other risks facing governments, businesses, and communities today.

The Government Accountability Office (GAO), in a recently published report, recommended that Treasury’s Federal Insurance Office (FIO) and Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) take this action.  It acknowledges that FIO and CISA have “taken steps to understand the financial implications of growing cybersecurity risks” – but those actions have not included the possible need for a federal insurance mechanism.

“Cyber insurance and the Terrorism Risk Insurance Program (TRIP)—the government backstop for losses from terrorism—are both limited in their ability to cover potentially catastrophic losses from systemic cyberattacks,” the GAO report says. “Cyber insurance can offset costs from some of the most common cyber risks, such as data breaches and ransomware. However, private insurers have been taking steps to limit their potential losses from systemic cyber events.”

Insurers are excluding coverage for losses from cyber warfare and infrastructure outages, the report notes, and cyberattacks may not meet TRIP’s criteria to be certified as terrorism.

As we’ve previously reported, some in the national security world have compared U.S. cybersecurity preparedness today to its readiness for terrorist acts prior to the 9/11. Before Sept. 11, 2001, terrorism coverage was included in most commercial property policies as a “silent” peril – not specifically excluded and, therefore, covered. Afterward, insurers began excluding terrorist acts from policies, and the U.S. government established the Terrorism Risk Insurance Act (TRIA) to stabilize the market.  TRIA created TRIP as a temporary system of shared public and private compensation for certain insured losses resulting from a certified act of terrorism.

Treasury administers the program, which has to be periodically reauthorized. TRIP has been renewed four times – in 2005, 2007, 2015, and 2019 – and the backstop has never yet been triggered.

The GAO recommendation that a similar solution be considered for cyber risk highlights the potential insufficiency of traditional risk-transfer products to address increasingly complex and costly threats. Alongside terrorism and cyber, we’ve experienced – and continue to experience – the myriad perils of pandemic, with its assorted impacts on the global supply chain, driving behavior, business interruption and remote work practices, and the economy. Even if those challenges moderate, we will continue to face what is perhaps the most entangled set of risks on the planet: those associated with climate and extreme weather.

One only has to look as far as Florida, where the insurance market is on the brink of failure as writers of homeowners coverage begin to go into receivership and global reinsurers reassess their appetite for providing capacity in that hurricane-prone, fraud- and litigation-plagued state. Or, one could follow the wildfire activity in recent years; or flood loss trends, increasingly creating problems inland, where flood insurance purchase rates tend to be lower than in coastal areas; or insured losses due to severe convective storms, which have been rising in parallel with losses from hurricanes.

Fortunately, many states are taking steps – often with partners, including the insurance industry – to anticipate and mitigate such risks. Much is being done, but much work remains to change behaviors, best practices, and public policies in ways that will reduce risks and improve availability and affordability of coverage.

The Battle Against Deepfake Threats

By Max Dorfman, Research Writer, Triple-I

Some good news on the deepfake front: Computer scientists at the University of California have been able to detect manipulated facial expressions in deepfake videos with higher accuracy than current state-of-the-art methods.

Deepfakes are intricate forgeries of an image, video, or audio recording. They’ve existed for several years, and versions exist in social media apps, like Snapchat, which has face-changing filters. However, cybercriminals have begun to use them to impersonate celebrities and executives that create the potential for more damage from fraudulent claims and other forms of manipulation.

Deepfakes also have the dangerous potential to be used to in phishing attempts to manipulate employees to allow access to sensitive documents or passwords. As we previously reported, deepfakes present a real challenge for businesses, including insurers.

Are we prepared?

A recent study by Attestiv, which uses artificial intelligence and blockchain technology to detect and prevent fraud, surveyed U.S.-based business professionals concerning the risks to their businesses connected to synthetic or manipulated digital media. More than 80 percent of respondents recognized that deepfakes presented a threat to their organization, with the top three concerns being reputational threats, IT threats, and fraud threats.

Another study, conducted by a CyberCube, a cybersecurity and technology which specializes in insurance, found that the melding of domestic and business IT systems created by the pandemic, combined with the increasing use of online platforms, is making social engineering easier for criminals.

“As the availability of personal information increases online, criminals are investing in technology to exploit this trend,” said Darren Thomson, CyberCube’s head of cyber security strategy. “New and emerging social engineering techniques like deepfake video and audio will fundamentally change the cyber threat landscape and are becoming both technically feasible and economically viable for criminal organizations of all sizes.”

What insurers are doing

Deepfakes could facilitate the filing fraudulent claims, creation of counterfeit inspection reports, and possibly faking assets or the condition of assets that are not real. For example, a deepfake could conjure images of damage from a nearby hurricane or tornado or create a non-existent luxury watch that was insured and then lost. For an industry that already suffers from $80 billion in fraudulent claims, the threat looms large.

Insurers could use automated deepfake protection as a potential solution to protect against this novel mechanism for fraud. Yet, questions remain about how it can be applied into existing procedures for filing claims. Self-service driven insurance is particularly vulnerable to manipulated or fake media. Insurers also need to deliberate the possibility of deep fake technology to create large losses if these technologies were used to destabilize political systems or financial markets.

AI and rules-based models to identify deepfakes in all digital media remains a potential solution, as does digital authentication of photos or videos at the time of capture to “tamper-proof” the media at the point of capture, preventing the insured from uploading their own photos. Using a blockchain or unalterable ledger also might help.

As Michael Lewis, CEO at Claim Technology, states, “Running anti-virus on incoming attachments is non-negotiable. Shouldn’t the same apply to running counter-fraud checks on every image and document?”

The research results at UC Riverside may offer the beginnings of a solution, but as one Amit Roy-Chowdhury, one of the co-authors put it: “What makes the deepfake research area more challenging is the competition between the creation and detection and prevention of deepfakes which will become increasingly fierce in the future. With more advances in generative models, deepfakes will be easier to synthesize and harder to distinguish from real.”

Cyber Premiums Nearly Doubled as Losses Fell

By Max Dorfman, Research Writer, Triple-I

Direct written premiums for cyber policies grew sharply in 2021 from 2020, spurred by claims activity and cyber incidents. According to a recent analysis by S&P Global Market Intelligence, direct written premiums nearly doubled, to approximately $3.15 billion in 2021, from $1.64 billion the previous year. Direct written premiums for packaged cyber insurance rose approximately 48 percent, to $1.68 billion in 2021 from $1.14 billion in 2020. 

The average loss ratio for stand-alone policies decreased to 65.4 percent in 2021, from 72.5 percent in 2020, while they significantly grew premium. Analysts believe this might be a sign that insurers are becoming more disciplined and conservative in their cyber underwriting. Still, Fitch Ratings analysts noted that cyber insurance is the fastest-growing segment for U.S. property and casualty insurers, with prices increasing at “considerably higher” speed than other commercial business lines.

Cybercrime is increasing

According to the FBI’s Internet Crime Complaint Center (IC3) 2021 Internet Crime Report, the department had 3,729 ransomware complaints, with over $49.2 million of adjusted losses. In total, there was $6.9 billion in losses coinciding with more than 2,300 average complaints daily. The most common complaint was phishing scams, demonstrating a trend that has continued for some time.

Indeed, several data points demonstrate the increasingly dire situations organizations face when it comes to cyberattacks, and the need for businesses to become more vigilant. These include:

Challenges await

According to one analysis by Fortune Business Insights, the compound annual growth rate of cyber insurance could increase by 25.3 percent from 2021 to 2028, with the market growing to $36.85 billion.

However, Tom Johansmeyer, a cyber insurance expert, told Harvard Business Review in March 2022, “Cyber insurance is harder for companies to find than it was a year ago – and it’s likely going to get harder. While cyber insurance is becoming more of a must-have for businesses, the explosion of ransomware and cyberattacks means it’s also becoming a less enticing business for insurers.”

Organizations should combine these policies with a strong cyber security plan to fully safeguard against the possibility and consequences of a breach.

Learn More:

Triple-I “State of the Risk” Issues Brief on Cyber

Cyberattacks Growing in Frequency, Severity, and Complexity

As Cybercriminals Act More Like Businesses, Insurers Need to Think More Like Criminals

Data Visualization:
An Important Tool
for Insurance,
Risk Management

By Max Dorfman, Research Writer, Triple-I

Data visualization has become an increasingly important tool for understanding and communicating complex risks and informing plans to address them.

Simply put, data visualization is the depiction of data through static or interactive charts, maps, infographics, and animations. Such displays help clarify multifaceted data relationships and convey data-driven insights.

The origins of data visualization could be considered to go back to the 16th century, during the evolution of cartography. However, modern data visualization is considered to have emerged in the 1960s, when researcher John W. Tukey published his paper The Future of Data Analysis, which advocated for the acknowledgement of data analysis as a branch of statistics separate from mathematical statistics. Tukey helped invent graphic displays, including stem-leaf plots, boxplots, hanging rootograms, and two-way table displays, several of have become part of the statistical vocabulary and software implementation.

Since Tukey’s advancements, data visualization has progressed in extraordinary ways. Matrices, histograms, and scatter plots (both 2D and 3D) can illustrate complex relationships among different pieces of data. And, in an age of big data, machine learning, and artificial intelligence, the possible applications of data science and data analytics has only expanded, helping curate information into easier to understand formats, giving insight into trends and outliers. Indeed, a good visualization possesses a narrative, eliminating the extraneous aspects of the data and emphasizing the valuable information. 

Whether for tracking long-term rainfall trends, monitoring active wildfires, or getting out in front of cyber threats, data visualization has proved itself tremendously beneficial for understanding and managing risk.

The Triple-I uses data visualization in its Resilience Accelerator to better illustrate the risks many communities face with natural disasters, particularly hurricanes, floods, and resilience ratings. Spearheaded by Dr. Michel Leonard, Chief Economist and Data Scientist, Head of the Economics and Analytics Department at the Triple-I, these data visualizations provide an ever-needed way to more effectively communicate these hazards, expanding the knowledge base of insurers, consumers, and policymakers.

To further understand data visualization, we sat down with Dr. Leonard.

Why is data visualization so essential in preparing for and responding to catastrophes? What immediately comes to mind is maps. We can make spreadsheets of policies and claims, but how do you express the relationships between each row in these spreadsheets? We can use data visualization to show how houses closest to a river are most at risk during a flood or show the likely paths of wildfires through a landscape. Before a catastrophe, these tools help us identify at-risk zones to bolster resilience. After a catastrophe, they help us identify areas that need the most to rebuild.

How can data visualization help change the way insurers confront the challenges of catastrophes? The most crucial aspect of data visualization for insurers is the potential to explore “what-if” scenarios with interactive tools. Understanding risk means understanding what range of outcomes are possible and what it most likely to happen. Once we start accounting for joint outcomes and conditional probabilities, spreadsheets turn into mazes. Thus, it’s important to illustrate the relationship between inputs and outputs in a way that is reasonably easy to understand.

With the increasing threat of climate risk, how much more significant do you anticipate data visualization will become? I’m reminded of the writings from the philosopher Timothy Morton, who described climate change as a “hyper-object”: a multifaceted network of interacting forces so complex, and with so many manifestations that it is almost impossible to fully conceptualize it in your head at once.

Climate change is complicated and communicating about the risks it creates is a unique problem. Very few people have time to read through a long technical report on climate risk and how it might affect them. Thus, the question becomes: How do we communicate to people the information they need in a way that is not only easy to understand but also engaging?

Images or infographics have always been compelling tools; however, we prefer interactive data visualization tools for their ability to capture attention and curiosity and make an impression.

How does the Resilience Accelerator fit into the sphere of data visualization? With the Resilience Accelerator, we wanted to explore the interplay between insurance, economics and climate risk, and present our findings in an engaging, insightful way. It was our goal from the beginning to produce a tool that would help policymakers, insurers, and community members could find their counties, see their ratings, compare their ratings with those of neighboring counties, and see what steps they should take to improve their ratings.

What motivated this venture into data visualization – and how can it help change the ways communities, policymakers, and insurers prepare for natural disasters? It’s our job to help our members understand climate-related risks to their business and to their policyholders. Hurricanes and floods are only the first entry in a climate risk series we are working on. We want our data to drive discussion about climate and resilience. We hope the fruits of those discussions are communities that are better protected from the dangers of climate change.

Where do you see data visualization going in the next five to 10 years?
I’m interested in seeing what comes from the recent addition of GPU acceleration to web browsers and the shift of internet infrastructure to fiber optics. GPU acceleration is the practice of using a graphics processing unit (GPU) in addition to a central processing unit (CPU) to speed up processing-intensive operations. Both of these technologies are necessary for creating a 3-D visualization environment with streaming real-time data.

Cyberattacks Growing
in Frequency, Severity, And Complexity

By Max Dorfman, Research Writer, Triple-I (04/29/2022)

Several recent reports quantify the growing risk and cost of cyber attacks in 2021.

Willis Towers Watson PLC, a multinational risk-management, insurance brokerage, and advisory company, and global law firm Clyde & Co, surveyed directors and risk managers based in more than 40 countries around the world. They found that 65 percent regard cybercrime as “the most significant risk” facing directors and officers. Data loss and cyber extortion followed, at 63 percent and 59 percent, respectively.

In 2021, there were 623.3 million cyberattacks globally, with U.S. cyberattacks rising by 98 percent, according to cybersecurity firm SonicWall. Almost every threat increased in 2021, particularly ransomware, encrypted threats, Internet of Things (IoT) malware, and cryptojacking, in which a criminal uses a victim’s computing power to generate cryptocurrency.

The frequency of ransomware attacks alone rose by 105 percent globally in 2021, SonicWall says,  making them the most frequent type of cyberattack on record. The State of Ransomware 2022 by Sophos, a security software and hardware company, found that 66 percent of organizations surveyed were attacked by ransomware in 2021, rising from 37 percent in 2020. Ransomware payments often trended higher, with 11 percent of organizations stating that they paid ransoms of $1 million or more, up from 4 percent in 2020. Additionally, 46 percent of organizations that had data encrypted in a ransomware attack paid the ransom.

The 2021 Software Supply Chain Security Report by Argon, an Aqua Security company, underscores the main areas of criminal focus, including: “open-source vulnerabilities and poisoning; code integrity issues; and exploiting the software supply chain process and supplier trust to distribute malware or backdoors.”

According to the Argon report, cybercriminals often use these methods to extort victims:

  • Encryption: Victims pay to regain access to scrambled data and compromised computer systems that stop working because key files are encrypted.
  • Data Theft: Hackers release sensitive information if a ransom is not paid.
  • Denial of Service (DoS): Ransomware gangs launch denial of service attacks that shut down a victim’s public websites.
  • Harassment: Cybercriminals contact customers, business partners, employees, and media to tell them the organization was hacked.

“The number of attacks over the past year and the widespread impact of a single attack highlights the massive challenge that application security teams are facing,” said Eran Orzel, a senior director at Argon.

Cyber insurers work toward protecting businesses

Cyber insurance remains an important investment for many companies, particularly as cyberattacks continue to wreak havoc across industries. Investing in cyber insurance can help an organization recover from an attack, with cyber insurance companies often helping to recover data, repair damaged devices, protect a company from civil lawsuits, and fixing any reputational damage sustained during an attack.

However, the first line of defense is creating a robust cybersecurity system, training employees on how to identify a potential attack, encrypting company data, and enabling antivirus protection. With only half of businesses reporting a consistent encryption strategy, and the cost of data breaches continuing to rise, organizations must do more to protect themselves and their customers.

Study Highlights Cost
of Data Breaches
in a Remote-Work World

By Max Dorfman, Research Writer, Triple-I (04/27/2022)

A recent study by IBM and the Ponemon Institute quantifies the rising cost of data breaches as workers moved to remote environments during the coronavirus pandemic.

According to the report, an average data breach in 2021 cost $4.24 million – up from $3.86 million in 2020. However, where remote work was a factor in causing the breach, the cost increased by $1.07 million. At organizations with 81-100 percent of employees working remotely, the total average cost was $5.54 million.

To combat the risks associated the rise of remote work, the study highlights the importance of security artificial intelligence (AI) and automation fully deployed – a process by which security technologies are enabled to supplement or substitute human intervention in the identification and containment of incidents and intrusion efforts.

Indeed, organizations with fully deployed security AI/automation saw the average cost of a data breach decrease to $2.90 million. The duration of the breach was also substantially lower, taking an average of 184 days to identify the breach and 63 days to contain the breach, as opposed to an average of 239 days to identify the breach and 85 days to contain the breach for organizations without these technologies.

Organizations continue to struggle with breaches

In 2021 and 2022, several high-profile data breaches have illustrated the major risks cyberattacks represent. This includes a January 2022 attack 483 users’ wallets on Crypto.com, which resulted in the loss of $18 million in Bitcoin and $15 million in Ethereum and other cryptocurrencies.

In February, the International Committee of the Red Cross (ICRC) was targeted by a cyberattack that resulted in the hackers accessing personal information of more than 515,000 people being helped by a humanitarian program, with the intruders maintaining access to ICRC’s servers for 70 days after the initial breach.

And in April, an SEC filing revealed that the company Block, which owns Cash App, had been breached by a former employee in December of 2021. This leak included customers’ names, brokerage account numbers, portfolio value, and stock trading activity for over 8 million U.S. users.

Insurers play a key role in helping organizations

The increasing frequency and seriousness of cyberattacks has led more organizations to purchase cyber insurance, with 47 percent of insurance clients using this coverage in 2020, up from 26 percent in 2016, according to the U.S. Government Accountability Office. This shift includes insurers offering more policies specific to cyber risk, instead of including this risk in packages with other coverage.

The insurance industry offers first-party coverage – which typically provides financial assistance to help an insured business with recovery costs, as well as cybersecurity liability, which safeguards a business if a third party files a lawsuit against the policyholder for damages as a result of a cyber incident.

A third option, technology errors and omissions coverage, can safeguard small businesses that offer technology services when cybersecurity insurance doesn’t offer coverage. This kind of coverage is triggered if a business’s product or service results in a cyber incident that involves a third party directly.

Still, the primary focus for organizations looking to defend themselves from cyberattacks is implementing a rigorous cyber defense system.  

Cyber Tops Allianz 2022 Survey of Business Risks

By Max Dorfman, Research Writer, Triple-I

Cyber incidents are the top threat to businesses, according to the latest Allianz Risk Barometer survey, up from third place in 2021. This result follows several significant data breaches and hacks last year, including the Colonial Pipeline ransomware attack, which caused a six-day shutdown and cost the company $4.4 million to regain access to its systems.

Business interruption fell to the second most important concern in a year marked by the continued presence of the coronavirus pandemic, cyberattacks, and natural catastrophes. Still, the report notes that the pandemic “has exposed the fragility and complexity of modern supply chains and how multiple events can come together to cause problems, raising awareness of the need for greater resilience and transparency.”

Natural catastrophe risk ranks third on the list – a jump from sixth in 2021. Global insured catastrophe losses increased to $112 billion in 2021, the fourth highest on record, according to Swiss Re.

While cyber is ranked as a more immediate threat to business than climate change, the report says these two perils are “linked by the fact that two of the most significant impacts expected from changes in legislation and regulation (the fifth top risk) in 2022 will be around big tech and sustainability.”

Pandemic outbreak fell to fourth place for 2022, with many companies comfortable that they are now better prepared for the consequences of these occurrences. According to the report, 80 percent of respondents believe they are “adequately” or “well” prepared.

The 11th annual report was developed from a late 2021 survey of 2,650 risk management experts from 89 countries and territories, including Allianz customers, brokers, industry trade organizations, risk consultants, and underwriters, with a focus on large- and small to mid-size companies.