Move over COVID. Insurers in Australia and globally have a more pressing viral threat on their radar – one that has already stoked geopolitical fears of a new Cold War that could be fought, not with nuclear weapon launch codes, but with the click of a mouse.

In the latest Aon biennial risk survey, the insurance sector ranked cyber attacks/data breach as posing the biggest danger to its business, and believes it will remain so in three years’ time. Insurance is one of 16 industries covered by the Global Risk Management Survey.

Rounding out the top-ten list of current risks facing the industry are regulatory/legislative changes, damage to reputation/brand, increasing competition, business interruption, tech failure/system failure, failure to innovate/meet customer needs, data privacy requirements/non-compliance, failure to attract or retain top talent, and finally, economic slowdown/slow recovery.

Come 2024, the second-biggest threat after cyber is predicted to be economic slowdown/slow recovery, followed by failure to innovate/meet customer needs, data privacy requirements/non-compliance and business interruption.

The latest findings from the Aon survey illustrate just how much the external threat environment has shifted for the insurance industry in the last two years. And it is notable that climate change did not figure at all in the top-10 current and 2024 top-5 risk list. This despite the industry being very vocal about the unmitigated impact of global warming on its business.

The Aon survey is further confirmation of what a slew of other recent reports from the industry has concluded: cyber crime is getting worse for the industry and the world at large, and it comes with huge financial repercussions.

A quarterly Marsh price tracker, also released last week, found cyber premium rates continue to rise sharply as insurers seek to cover ransomware losses. In the US, the world’s biggest cyber market, pricing surged 96% in the September quarter from 52% in the preceding period. The broker says the frequency and severity of ransomware claims are to blame for the hardening rates.

In the Australia-led Pacific market, it was a similar storyline. Cyber premiums hardened significantly, reflecting how insurers feel about providing cover for the risk amid a wave of ransomware attacks across the globe.

So serious is the threat that President Joe Biden warned in July that cyber assaults could lead to a “real shooting war with a major power” after a series of hits, many believed to have been carried out by Russia and China, successfully hacked high-profile US targets including the largest fuel pipeline in the country. Colonial Pipeline paid nearly $US5 million ($6.7 million) to the hackers to restore the pipeline and a portion of that was later recovered by the US Department of Justice.

Aon says the key issues currently facing the insurance industry are reflected in the risk selection, pointing out insurers are focused on finding ways to remain relevant to their customers while also managing their changing risk profiles.

Heightened awareness of the cyber threat in itself is not going to be enough, according to the broker.

“The risk of cyber attack and data breach ranks at number one, but it could still be underrated by the industry,” Aon said.

“Unknown and evolving cyber threats have the potential to impact the industry’s underwriting results and significantly disrupt insurance company operations.

“Insurers must not only manage how they underwrite cyber risks but also make large investments of their own to bolster the ability of their systems to withstand a cyber attack against them directly or against their vendors or trading partners.”

The financial hit to the industry is already apparent. Aon says its Underwriting Survey Data of 2021 shows ransomware now accounts for the majority of insurer cyber losses – more than 58% – with loss ratios increasing 5-25% for all large cyber underwriters.

According to Aon, the number of cyber attacks on corporations broke all records last year. Over the period from the first quarter of 2018 to the December quarter last year, ransomware assaults increased 400%.

Aon says the sharp jump reflects in part the shift to remote working during the pandemic, a situation that has given rise to more opportunities for cyber thieves to stake out their targets.

“Technology played a central role during the lockdowns of 2020 and acceleration of economic activity during the reopening in 2021, but this dependency has also created more cyber ‘attack surface’, presenting more potential security vulnerabilities to bad actors,” Aon said.

While the pandemic risk is an issue in its own right, Aon says it has also acted as a catalyst and magnifier, accelerating changes in the way companies operate and, in turn, other existing risks.

“As the pandemic catalysed the rapid digital evolution of business models across all industries, there has been an acknowledgment that cyber risk will now be a persistent threat to the ‘new normal’ going forward,” Aon Cyber Risk Consulting Global Practice Leader Adam Peckman said.

“With distributed supply chains, automation, remote working and e-commerce underpinning these new models, our risk mitigation and insurance market strategies to manage cyber risk will need to continue evolving to stay ahead.”

The world developed vaccines for the COVID virus in record time. For the insurance industry, measures to thwart the apparently unstoppable spread of ransomware and other cyber attacks can’t come soon enough.