Press Release

Malicious attacks accounted for 80% of Continental European cyber claims in 2020

According to a report published today by Marsh, the world’s leading insurance broker and risk advisor, in collaboration with Microsoft, international law firm CMS, and Kivu, a global cyber security firm, malicious cyber events accounted for 80% of cyber claims made in Continental Europe last year, up from 70% in 2019. Ransomware attacks accounted for 32% of cyber claims in 2020 – more than double that recorded for 2016-2020 (14%). Overall, cyber insurance claims across Continental Europe rose by 8% in 2020.

The report, The Changing Face of Cyber Claims 2021, analyses cyber insurance claims managed by Marsh in Continental Europe from 2016-2020. Amid the rising frequency and severity of cyber-attacks, cyber insurance rates increased by an average of 39% for all industries within Marsh’s Continental Europe client base in the first quarter of 2021, up from a 37% increase in Q4 2020.

While the most affected industry sectors – financial institutions, manufacturing, communication, media & technology, and professional services – remain unchanged from the 2019 research, Marsh reports that claim notifications among the top four sectors rose significantly in 2020, with three recording triple-digit increases: manufacturing (104%); communication, media & technology (153%); and professional services (200%).

The report notes that, as the pandemic took hold in Europe during March and April 2020, cybercriminals quickly capitalised on human anxiety to engineer a wave of COVID-19 themed attacks that blended well-established tactics and malware with increased searches for information about pandemic-related issues.

Commenting on the findings, Jean Bayon de La Tour, Head of Cyber, Continental Europe, Marsh, said: “Malicious attacks and ransomware events are becoming increasingly pernicious, as cyber criminals seek to exploit weak organisational defences and human frailties. It is now not a question of ‘if’ an organisation is likely to be involved in a cyber incident, but ‘when’.

“Establishing emergency plans and protocols, and creating incident response teams that can be quickly deployed to manage the crisis, are crucial. While improved cyber security and preparedness represent the first line of defence, cyber insurance can help mitigate the severity of an incident, support businesses through interruption and into recovery, and boost resilience.”

Erik Jonkman, Cybersecurity Lawyer, CMS, commented: "The continued rise of ransomware forces organisations to implement an effective legal response to cyber incidents, and to acknowledge that legal risk management goes way beyond compliance with privacy regulations such as the EU’s GDPR. Ransomware incidents can easily cause civil disputes between organisations, especially when their business processes are highly interconnected.”