Skip Level Navigation

Cyber insurance claims: Ransomware disrupts business

Claims Intelligence Series


Cyber insurance claims: Ransomware disrupts business

AIG’s 2017 cyber claims statistics reflect both the growing maturity of the cyber book of business and a threat environment which has been characterised by a series of systemic malware and ransomware attacks, including WannaCry and NotPetya. While business/network interruption was a significant issue for many EU organisations, the majority of these losses were underinsured.

As had been predicted early last year by AIG’s cyber experts, 2017 was a year of widespread ransomware attacks and cyber business interruption. The Cyber insurance claims report shows that over a quarter of cyber claims (26%) received in 2017 had ransomware as the primary cause of loss. This is a significant leap from 16% of claims in the years 2013-2016. 

“The combination of leaked National Security Agency (NSA) tools plus state-sponsored capabilities triggered a systemic event,” says Mark Camillo, head of cyber for EMEA at AIG. “The Wannacry outbreak, which hit hundreds of thousands of machines around the world, could have been worse in terms of scale and insured losses if a UK researcher hadn’t quickly found and activated the kill switch.”


At a glance

  • AIG saw as many claims notifications in 2017 as in the previous four years combined, receiving the equivalent of one claim per working day.
  • Ransomware remains the top cause of loss for cyber claims (the key impact being business interruption), reflecting an increased incidence of such attacks worldwide.
  • Professional Services, Financial Services and Retail are at the top of the list when it comes to cyber claims, but incidents are spreading more broadly among a range of sectors, indicating that no industry is immune to cyberattack.