$20B
Aon report projected business costs associated with ransomware attacks to total $20 billion in 2021.
As the frequency of ransomware attacks increases, organizations must consider that it’s not just data that hackers are targeting. There is an increasing risk of business interruption (BI). This growing digital peril has presented new challenges to business continuity and security.
“The landscape has changed the cyber risk,” says Bianca McKenzie, head of claims preparation, advocacy and valuations U.K. at Aon. “With ransomware becoming commonplace, we’ve gone from it being oriented around liability to a focus on disruption. That is the cyber criminals’ new goal: to disrupt businesses rather than just to extract data.”
While organizations are used to considering business interruptions related to circumstances like property damage, the threats of cyber BI can have much wider ramifications. For a business with operations in multiple sites — even multiple countries — the BI impact of a ransomware attack can reach beyond a single property and disrupt operations worldwide.
“Before ransomware like that was unfathomable,” says McKenzie. “You couldn’t imagine that operations could be disrupted to an extent that it would financially impact clients at a global level.”
According to Aon’s 2021 Cyber Security Risk Report, ransomware attacks have become more complex and business interruption increasingly likely.
Ransomware attacks exploded in number and frequency during 2020. As the number of attacks grew, so did their cost: the Aon report projected business costs associated with ransomware attacks to total $20 billion in 2021. To mitigate financial loss, organizations should prepare to address cyber BI before a disruption occurs.
For businesses, the task of preparing for cyber BI risk includes several imperatives:
“In principle, it’s really not that different from a property BI claim to a cyber BI claim, except for the fact that with cyber BI you might not know which policy applies, and you want to have the team lined up in advance,” says Jill Dalton, managing director in Aon’s U.S. Property Risk Consulting Group. “Make sure you know who’s going to be doing the cyber preparation. Get that team lined up in advance, because the biggest issue in the cyber claim is tackling it right away.”
To properly address a cyber BI threat — including maximizing the ability to transfer risks — businesses must fully understand their exposures. With insurers demanding more detailed information from prospective cyber insurance buyers, businesses should invest in analyzing their exposures to determine what a probable cyber BI loss might look like.
“Now is the time to really tighten up your understanding of what your cyber BI risk really is,” says McKenzie. “Given the insurance market and the challenges that some are face in terms of actually transferring their cyber risk, it’s important to invest in understanding what a more probable cyber BI loss would look like when it comes to renewing a cyber policy or purchasing a cyber policy for the first time.”
Businesses also must consider the possibility that their supply chains could also be interrupted by cyber BI.
“It’s a huge issue, because if a supplier has a cyber attack that prevents them from getting you their product, then you’re experiencing a contingent business interruption loss as a result of the cyber event,” says Dalton. “It’s important for companies to do good due diligence in selecting and managing suppliers.”
Businesses exposed to cyber BI risks in their supply chains should also consider using multiple suppliers and develop backup plans to address potential disruptions.
Calculating the losses incurred in a cyber business interruption can be challenging — particularly for a multinational business with operations in different locations possibly facing varied impacts.
“There needs to be an appreciation for that complexity and due care in gathering the supporting data,” says McKenzie. “Quantifying the impact, close management of the claim and working with the insurer and their representatives to recover insured losses is a many-faceted process. It requires expert time and resources.”
The challenge is heightened by the fact that the process of determining the losses takes place while the company is experiencing a cyber BI and is in “crisis mode.”
“Businesses should try to be ahead of the curve and be as prepared as possible before an event,” McKenzie says. “They should understand what sort of information they’ll need to capture and how they’ll collect it.”
The threat of cyber attacks continues to grow and, with it, the risk of cyber business interruptions. By analyzing exposures, taking steps to address risk and establishing a strategy for assembling a claim quickly and accurately, businesses can better prepare themselves for the threat of cyber BI.
Aon report projected business costs associated with ransomware attacks to total $20 billion in 2021.
General Disclaimer
The information contained herein and the statements expressed are of a general nature and are not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information and use sources we consider reliable, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation.
Terms of Use
The contents herein may not be reproduced, reused, reprinted or redistributed without the expressed written consent of Aon, unless otherwise authorized by Aon. To use information contained herein, please write to our team.
Our Better Being podcast series, hosted by Aon Chief Wellbeing Officer Rachel Fellowes, explores wellbeing strategies and resilience. This season we cover human sustainability, kindness in the workplace, how to measure wellbeing, managing grief and more.
Stay in the loop on today's most pressing cyber security matters.
Our Cyber Resilience collection gives you access to Aon’s latest insights on the evolving landscape of cyber threats and risk mitigation measures. Reach out to our experts to discuss how to make the right decisions to strengthen your organization’s cyber resilience.
Our Employee Wellbeing collection gives you access to the latest insights from Aon's human capital team. You can also reach out to the team at any time for assistance with your employee wellbeing needs.
Explore Aon's latest environmental social and governance (ESG) insights.
Our Global Insurance Market Insights highlight insurance market trends across pricing, capacity, underwriting, limits, deductibles and coverages.
How do the top risks on business leaders’ minds differ by region and how can these risks be mitigated? Explore the regional results to learn more.
Our Human Capital Analytics collection gives you access to the latest insights from Aon's human capital team. Contact us to learn how Aon’s analytics capabilities helps organizations make better workforce decisions.
Explore our hand-picked insights for human resources professionals.
Our Workforce Collection provides access to the latest insights from Aon’s Human Capital team on topics ranging from health and benefits, retirement and talent practices. You can reach out to our team at any time to learn how we can help address emerging workforce challenges.
Our Mergers and Acquisitions (M&A) collection gives you access to the latest insights from Aon's thought leaders to help dealmakers make better decisions. Explore our latest insights and reach out to the team at any time for assistance with transaction challenges and opportunities.
How do businesses navigate their way through new forms of volatility and make decisions that protect and grow their organizations?
Our Parametric Insurance Collection provides ways your organization can benefit from this simple, straightforward and fast-paying risk transfer solution. Reach out to learn how we can help you make better decisions to manage your catastrophe exposures and near-term volatility.
Our Property Risk Management collection gives you access to the latest insights from Aon's thought leaders to help organizations make better decisions. Explore our latest insights to learn how your organization can benefit from property risk management.
Our Technology Collection provides access to the latest insights from Aon's thought leaders on navigating the evolving risks and opportunities of technology. Reach out to the team to learn how we can help you use technology to make better decisions for the future.
Trade, technology, weather and workforce stability are the central forces in today’s risk landscape.
Our Trade Collection gives you access to the latest insights from Aon's thought leaders on navigating the evolving risks and opportunities for international business. Reach out to our team to understand how to make better decisions around macro trends and why they matter to businesses.
With a changing climate, organizations in all sectors will need to protect their people and physical assets, reduce their carbon footprint, and invest in new solutions to thrive. Our Weather Collection provides you with critical insights to be prepared.
Our Workforce Resilience collection gives you access to the latest insights from Aon's Human Capital team. You can reach out to the team at any time for questions about how we can assess gaps and help build a more resilience workforce.
Article 24 mins
As the world races to reduce climate risks and limit CO<sub>2</sub> emissions, the demand for scalable and cost-effective decarbonization technologies is increasing. Carbon capture projects form an important part of the low carbon energy transition, bringing both challenges and opportunities.
Article 13 mins
Growing extreme heat conditions have escalated risks, delays and costs for the construction industry in North America. Parametric insurance can help protect against such risks, offering contractors and building owners agility, efficiency and flexibility.
Article 21 mins
The launch of the Unified Patent Court allows for a new patent filing process across Europe using a centralized system. While this brings significant financial and operational benefits, navigating these changes will demand a robust litigation risk management strategy.