Widener University Commonwealth Law School
MONTH-IN-BRIEF (Apr 2023)
Munich Re – Cyber Insurance Risks and Trends 2023
By Alan S. Wernick, Esq., Aronberg Goldgehn
Munich Re, a 142-year-old reinsurance company based in Munich, Germany, recently posted its 2023 Risks and Trends in Cyber Insurance report (the “Report”). The insurance industry plays an ever-increasing role in cybersecurity, including helping their insureds improve their understanding of cybersecurity threats and providing resources, subject to the terms of their cyber insurance policy, for mitigation of damages from these risks. The Report contains a number of interesting observations for lawyers and their clients proactively concerned about, and researching, their cybersecurity risks including, in part:
- The cyber insurance market reached a “record size” in 2022 with growth fueled partially by the increase in ransomware and supply chain attacks. The Report states “Cyber risk management is core in a digitised world. Since cyber insurance is an essential part of this, demand continues to grow strongly. Facilitating a sustainable cyber insurance market remains a key task for the insurance industry.”
- The Report cites to an (ISC)2 “2022 Cybersecurity Workforce Study” that projected that the cybersecurity field faces a “…cybersecurity workforce gap of 3.4 million people.”
- The Report predicts ransomware will be the primary loss driver in 2023 “…and very likely also beyond.” The Report states “Alarmingly, our experts are seeing a trend towards data destruction rather than encryption, the pretence of data theft as a new successful form of extortion, and a concentration of ransomware attacks on cloud infrastructure. In addition, the alarmingly specialist expertise of cyber criminals and the ongoing sophistication of services like reconnaissance-as-a-service will enable the unscrupulous to attack with greater precision.”
- The Report cites to an e-book by CJ Moses, Chief Information Security Officer (“CISO”) at Amazon Web Services, titled “Security Predictions in 2023 and Beyond,” which the Report says suggests “…that 463 exabytes (EB) of data will be created in 2025, creating a vast universe of opportunity for those with ill intentions. Biometric data, in particular, will in future likely attract considerable attention from malicious actors. In addition, legislation and awareness will inspire higher customer expectations regarding data protection.”