Across the globe, our teams have observed these new cyber trends emerging over the past year, with many emerging over the past six months. These trends represent new developments in the cyber risk and security landscape and may have significant implications for both companies and consumers. Today, many cyber risks have become systemic. Such large-scale, rapid-fire attacks spread from one country to another. The globally disruptive cyber-threats of 2017 unite businesses and individuals around the world in a common endeavor to stay secure.
From helping companies adopt some of the world’s leading best practices for cybersecurity to consulting individuals on how to help protect their identities in the aftermath of large-scale data breaches, AIG can deliver unique perspectives that stem from our longstanding experience as a global leader in cyber insurance. As cyber risks around the world become increasingly interconnected, AIG can help its clients develop global cyber risk solutions and can deliver, through collaborative partnerships, the meaningful risk insights that enable stronger and safer outcomes.
1. Demand for Cyber Protection Soars in China and Japan
Businesses in China are seeking greater cyber protection. From April to May 2017, AIG saw an 87% increase in cyber submissions in Greater China (China, Hong Kong, Taiwan), following the WannaCry cyberattack. This increase in Greater China was more than double the 38% increase in cyber submissions that AIG observed globally.i The self-replicating WannaCry malware attack affected over 29,000 firms across China, including small, mid-sized, and large businesses.ii “WannaCry has really changed the dynamics,” said Jason Kelly, AIG’s Head of Liabilities and Financial Lines for China, Australasia, and South Korea. “We used to tap into large multinational companies that understood where the exposure was. Now we are really talking about mid-market and SMEs.”
Growth in the demand for cyber protection is also visible in Japan, where major insurers reported significantly higher sales for the 2016 fiscal year, compared to fiscal year 2015.iii For example, AIU Insurance, a flagship company for AIG’s operations in Japan, observed a 50% rise in sales of cyber insurance in fiscal year 2016, compared to the prior fiscal year.iv AIG research in 2016 also indicated that out of 15 major risk areas, cyberattacks represented the risk area where business insurance buyers in Japan were most likely to take action.
During 2016, Japan saw the number of individuals affected by data breaches at companies and organizations rise by more than 10 million compared to the prior year, according to data from the Japan Network Security Association.v Along with South Korea, Australia, New Zealand, and Singapore, Japan represents one of the ‘Cyber Five’, countries that, as a group, appear nine times more vulnerable to cyberattacks than the other thirteen Asian nations for which data was available, according to a 2016 analysis by Deloitte.vi Changes to Japan’s Act on the Protection of Personal Information took effect in May 2017 to help anonymize data on individuals and to require companies to safeguard international transfers of personal data.vii
Demand for cyber protection soars in China and Japan in early 2017. 87% increase in cyber submissions seen by AIG in China, Hong Kong and Taiwan from April to May 2017. Worldwide increase of 38%. 50% increase in cyber insurance sales by AIU Insurance (an AIG company in Japan).
2. Limited Transparency Hinders Cybersecurity in Asia
“Despite increased awareness brought about by the recent global cyberattacks such as WannaCry and NotPetya, many companies in Asia still do not understand their cyber exposure because so much of what happens occurs out of the public eye,” said Jason Kelly, AIG’s Head of Liabilities and Financial Lines for China, Australasia, and South Korea, at an AIG panel on cybersecurity in Asia, held in Hong Kong in August 2017. Due to a lack of regulations that mandate public disclosure of cyberattacks, senior-level decision makers may not see real examples of cyber losses until their companies themselves become targets.
This lack of transparency may lead to an inaccurate perception that the Asia Pacific cyber threat is lower than in other regions.viii In fact, the high growth, digital connectivity, and limited cyber protection of Asian businesses can make them stand out as targets for hackers.ix Companies seeking to grow rapidly in Asia may encounter cyber risks in mergers and acquisitions, as cyberattacks can strike multinationals through vulnerabilities in Asia.x