skip nav

Cyber Claims on the rise in the Nordics

Topic Featured News

Cyber incident

The past two years have shown an increase in the amount of cyber claims on both a European and a Nordic level. So far, AIG and its cyber insurance business partners have handled over 100 cyber incidents in the Nordics. Of those incidents, approximately 30 have happened and been handled in Finland. On a European level, AIG handled 320 cyber incidents in 2017, which is more than the total amount of cyber claims received between 2013 and 2016.

AIG’s Complex Commercial Claims Manager for Finland and Sweden, Tiina Jovio, and AIG Finland’s Cyber Underwriter Anna-Maria Varis, share their insights regarding cyber incidents.

Tell us about typical cyber claims in the Nordics.

TJ: At the moment, the most common type of cyber incident in the Nordics is some form of data breach; either a third party has managed to hack into a company’s systems or a company’s employee has made some classified information public, by human error or for some other reason.

Can you walk us through what happens when AIG’s cyber insurance client suspects a cyber incident?

TJ: When a client suspects a cyber incident, the first thing they have to do is to call AIG’s hotline in order to commence an efficient first response process. After this first contact, the case is taken care of by our cyber insurance business partners. Within 90 minutes from the call to our hotline, the first response team contacts the client with further instructions. The first response team can support the clients with IT, legal and PR related issues.

An efficient first response process plays a crucial role in preventing any additional losses. Thanks to the support the first response team is able to give our clients, the additional losses can usually be mitigated regardless of what kind of IT resources the clients have on their own.

What is great about our cyber insurance is that we do not apply any deductible to the first response expenses and that we cover these expenses even if a cyber attack is only suspected to have occurred. I would say that it is better to be proactive and contact the hotline when you feel that something might be wrong than to wait until an incident has become obvious. The only thing the clients need to know when calling the hotline is their policy number – they do not need to know what kind of cyber incident they are possibly facing, that is what our experts are there for.

How do you see the future of cyber incidents? Can you define some cyber trends that clients should be aware of in the near future?

AMV: According to AIG’s Cyber Claims report, ransomware remains the top cause of loss for cyber claims and the more traditional forms of extortion are expected to become an issue in data breaches and become more targeted. This is currently a trend in the US market, but has resulted in losses also for European companies, particularly those with a US presence. The General Data Protection Regulation (GDPR) is likely to become another tool for negotiation by extortionists, who will threaten to compromise an organization’s data unless a payment is received, knowing that the consequences will be more significant under the new regime.

Generally, I would say that cyber crimes and cyber risks are continuously on the rise. Cyber criminals are getting more and more competent and they are really quick to come up with new ways to commit cyber crimes. For any single company, it may be hard to keep up with the ever-evolving trends of cyber crimes, but we at AIG see the big picture of cyber crimes as we handle a lot of cyber incidents. This is definitely a benefit to all of our clients and takes some pressure off of them.

Learn more about Cyber Insurance.