Munich Re – Cyber Insurance Risks and Trends 2023

By Alan S. Wernick, Esq., Aronberg Goldgehn

Munich Re, a 142-year-old reinsurance company based in Munich, Germany, recently posted its 2023 Risks and Trends in Cyber Insurance report (the “Report”). The insurance industry plays an ever-increasing role in cybersecurity, including helping their insureds improve their understanding of cybersecurity threats and providing resources, subject to the terms of their cyber insurance policy, for mitigation of damages from these risks. The Report contains several interesting observations for lawyers and their clients proactively concerned about and researching their cybersecurity risks including, in part:

  • The cyber insurance market reached a “record size” in 2022 with growth fueled partially by the increase in ransomware and supply chain attacks. The Report states, “Cyber risk management is core in a digitised world. Since cyber insurance is an essential part of this, demand continues to grow strongly. Facilitating a sustainable cyber insurance market remains a key task for the insurance industry.”
  • The Report cites an (ISC)2 “2022 Cybersecurity Workforce Study” that projected that the cybersecurity field faces a “…cybersecurity workforce gap of 3.4 million people.”
  • The Report predicts ransomware will be the primary loss driver in 2023 “…and very likely also beyond.” The Report states, “Alarmingly, our experts are seeing a trend towards data destruction rather than encryption, the pretence of data theft as a new successful form of extortion, and a concentration of ransomware attacks on cloud infrastructure. In addition, the alarmingly specialist expertise of cyber criminals and the ongoing sophistication of services like reconnaissance-as-a-service will enable the unscrupulous to attack with greater precision.”
  • The Report cites an e-book by CJ Moses, Chief Information Security Officer (“CISO”) at Amazon Web Services, titled “Security Predictions in 2023 and Beyond,” which the Report says suggests “…that 463 exabytes (EB) of data will be created in 2025, creating a vast universe of opportunity for those with ill intentions. Biometric data, in particular, will in future likely attract considerable attention from malicious actors. In addition, legislation and awareness will inspire higher customer expectations regarding data protection.”

The Report contains additional insights from Munich Re and is available at Cyber insurance: Risks and trends 2023 | Munich Re Topics Online.

The bottom line is that ongoing education is important in mitigating business risks in the rapidly evolving cybersecurity threat landscape. Cybersecurity awareness is simply part of today’s digitized business world. Lawyers and their business clients who proactively engage in ongoing education and awareness about the technology (its benefits and risks), and legal compliance issues concerning the cybersecurity threat landscape, will be better prepared to mitigate those risks or handle the risks when they discover a cybersecurity event.

© 2023 Alan S. Wernick and Aronberg Goldgehn.