Last year, 689 million people in 21 countries globally were victims of cybercrime – a figure that is up 10% for the third year in a row – according to global cyber security giant, Symantec, which has a UK office in Reading.
“As a company we’re seeing a substantial increase in the number of campaigns and attacks,” Pascal Millaire, VP and general manager of cyber insurance at Symantec, told Insurance Business.
The firm’s internet security threat research report last year found a 55% increase in the number of cyber attacks being waged worldwide – a sharp increase.
And it’s clear that cybercrime is not just increasing, but changing in its nature too.
In 2012, 18% of attacks were targeted at small to medium sized businesses (SMEs), but in the last year, research has shown that 43% of attacks are now aimed at smaller firms – “cyber security is no longer an issue just for Fortune 2000 companies,” Millaire commented.
With a backdrop of risks that is developing month-to-month, both insureds and insurers can be left struggling to keep up.
“Cybercriminals have reached a new level of sophistication – stealing identities, information and data in broad daylight,” a Symantec spokesperson explained in an email to Insurance Business.
In response, insurers need to take a much more data-driven approach to analysing cyber risk, Millaire said.
“I often hear complaints that the cyber insurance industry is plagued by a lack of available claims data, and that may be true, but there is no lack of cyber security data,” he said.
A data-driven approach can include using a combination of publicly available, external data, internal aggregated data from cyber security companies, and general information about cyber adversaries – including who they are attacking and how.
In November last year, Symantec announced it was acquiring LifeLock, a leading identity protection provider, a move that means Symantec “can now deliver one of the most comprehensive digital safety platforms,” its spokesperson said.
Millaire has been focused on the firm’s latest software tools for the cyber insurance industry, which include a cyber underwriting platform and cyber risk modelling.
“Risk transfer and risk mitigation are going to come together,” he said, predicting a more holistic cyber risk management style in years to come. “As the global leaders in cyber security, we want to be really ahead of that trend.”
Looking forward, Millaire says the emergence of the Internet of Things (IoT) will turn all manner of risks into cyber risks, with the global number of IoT devices already said to be at nine billion, and only increasing.
“As everyday objects are connected to the internet, all of a sudden there are very few aspects of the global economy that aren’t impacted by cyber risk, and by extension there are very few lines of insurance that won’t be impacted by cyber risk as well.”