Security claims expected to surge with GDPR: AIG report

A surge in data breach and other security failure claims can be expected when the European Union’s General Data Protection Regulation takes effect Friday, says American International Group Inc. in a report issued Thursday.

“Companies will be more inclined to report breaches, with the impact on cyber claims similar to that witnessed in the U.S. after state breach notification laws come into effect,” says the report issued by AIG Europe titled Cyber Insurance Claims: Ransomware Disrupts Business.

The report says also that in 2017, AIG’s claims statistics show that 26% of claims had ransomware as the primary cause of loss, an increase from 16% during the 2013-2016 period.

“The combination of leaked National Security Agency tools plus state-sponsored capabilities triggered a systemic event,” Mark Camillo, London-based head of cyber for Europe Middle East Asia at AIG, said in the report.

“The WannaCry outbreak, which hit hundreds of thousands of machines around the world, could have been worse in terms of scale and insured losses if a UK researcher hadn’t quickly found and activated the kill switch,” Mr. Camillo said.

Following ransomware, data breach by hackers accounted for 12% of reported incidents, followed by other security failure/unauthorized access, 11%, and impersonation fraud, 9%.

The report said also while “the proportion of claims caused by employee negligence reduced marginally to 7% in 2017, human error continues to be a significant factor in the majority of cyber claims.”