AIG Europe cyber claims report shows ransomware was the most popular form of attack in 2017 and warns GDPR could make things worse

Over a quarter of AIG Europe cyber claims last year were as a result of ransomware attacks.

Figures in the insurer’s cyber claims report show the number of claims received by AIG Europe in 2017 was as many as the four previous years put together, with ransomware claims the most prevalent accounting for 26% of all cyber claims – up from 16% the previous year.

And the report showed that it was on business interruption where the effects of a ransomware attack were most strongly felt financially.

Mark Camillo, head of cyber for EMEA at AIG said: “In 2017 we saw a series of sophisticated, systemic malware and ransomware attacks, including WannaCry and NotPetya.

“The resulting business interruption was a significant issue for many European organisations – much of the financial impact was a balance sheet loss.

“While ransom payments only generated around $150,000, total economic losses associated with WannaCry are estimated at $8bn, with half a billion dollars attributed to direct costs and indirect business disruption. The majority of these losses were underinsured.”


Looking ahead, Camillo warned the arrival of GDPR could encourage even more ransomware attacks.

He said attackers would increasingly threaten to compromise an organisation’s data unless payment is received because of the more significant consequences.

And he added: “Companies will be more inclined to report breaches, leading to an increased impact on the volume of cyber claims. This was seen in the US after state breach notification laws came into effect and where nearly every high-profile cyber breach is met with at least one class action lawsuit.”

Other findings in the report included that while the proportion of claims caused by employee negligence were falling (7%), human error continued to be a significant factor in the majority of cyber claims.

By sector, professional services (18%) and financial services (18%) were the most targeted industries for a cyber attack. This was followed by retail (12%), business services (10%) and manufacturing (10%).