As the digital landscape continues to evolve, understanding cyber risks and their impact on businesses has never been more critical. Today, we’re thrilled to sit down with Simon Glairy, a renowned expert in insurance and Insurtech, with a sharp focus on risk management and AI-driven risk assessment. With years of experience under his belt, Simon offers unparalleled insights into the latest trends in cyber claims and how organizations can safeguard themselves against escalating threats. In this conversation, we dive into the findings of a recent comprehensive study on cyber losses, exploring the dominance of high-value claims, the rise of ransomware, and the promising improvements in breach detection, while also discussing tailored strategies for businesses across different industries.
Can you give us a broad picture of the recent cyber claims study and what it set out to achieve?
Absolutely. The study I’ve been looking at analyzed over 300 cyber claims spanning a decade, with the primary goal of understanding the patterns and trends behind cyber losses. It dug into the types of incidents, their severity, the industries most affected, and even how insurance policies are triggered. The idea was to paint a clear picture of how cyber risks have evolved and to provide actionable insights for better risk management and underwriting practices.
Why was it so important to examine claims over such an extended period like ten years?
Looking at a decade of data gives us a unique perspective on how cyber threats have shifted over time. Cyber risks aren’t static—new threats emerge, attack methods get more sophisticated, and businesses adapt in response. A long-term view helps us spot those evolving patterns, like the surge in certain types of attacks or changes in how companies detect breaches. It’s critical for anticipating future risks and designing solutions that stay ahead of the curve.
The study revealed that a staggering 88% of global cyber losses stem from claims over $1 million. What does this say about the current state of cyber risks?
It highlights just how concentrated and severe cyber risks have become. A small number of high-value claims are driving the vast majority of losses, which tells us that while many incidents might be minor, the ones that hit hard can be catastrophic. It’s a wake-up call for businesses to prioritize robust defenses, because the financial and operational impact of these big claims can be devastating if you’re not prepared.
Are these large claims becoming more frequent, or have they always been a significant factor?
They’ve definitely become more frequent and severe over the years. As cyber criminals refine their tactics and target larger organizations with more to lose, we’re seeing an uptick in both the number and the cost of these major claims. It’s not just that they’ve always been there; the scale and complexity of attacks have grown, making these losses a bigger part of the overall picture today.
Ransomware has emerged as a leading threat, accounting for over half of large claims in recent years. What’s behind this dramatic rise since 2018?
Ransomware has skyrocketed because it’s incredibly lucrative for attackers. Since around 2018, we’ve seen cybercriminals professionalize their operations—think ransomware-as-a-service models where even less-skilled attackers can launch sophisticated campaigns. It’s a double whammy: they lock up critical systems and demand payment, often paired with threats to leak stolen data. This creates immense pressure on businesses to pay up, fueling the cycle of more attacks.
Are there specific industries that seem more vulnerable to ransomware attacks?
Yes, certain sectors are more at risk due to the nature of their operations. Manufacturing and retail, for instance, often face significant business interruption from ransomware because their systems are so tied to daily operations. Healthcare is another prime target—think hospitals where downtime can literally be life-threatening, making them more likely to pay ransoms. Financial services also see a high volume because of the sensitive data they hold. It’s really about where attackers see the biggest payoff.
The study pointed out improvements like shorter shutdown times and better breach detection. What’s driving these positive changes?
A lot of it comes down to companies getting smarter about cybersecurity. More organizations are investing in advanced monitoring tools and training their staff to spot issues early. There’s also a cultural shift—businesses are taking a more proactive stance, running regular simulations and building incident response plans. Technology like AI and machine learning is playing a role too, helping to detect anomalies faster than ever before.
How significant is it that more companies are detecting breaches on their own now compared to a few years back?
It’s a game-changer. A few years ago, many breaches were only discovered by external parties—sometimes after the damage was already done. Now, with internal detection rates jumping from around 35% to over 65% in recent years, companies are catching threats earlier, which often means less downtime and lower costs. It shows that investments in cybersecurity awareness and tools are paying off, giving businesses more control over their own defenses.
Cyber risks seem to vary across industries. Can you walk us through how these threats impact one sector, like manufacturing, differently from another, like healthcare?
Absolutely. In manufacturing, cyber incidents like ransomware often lead to major business interruption because their operations rely heavily on connected systems—think production lines grinding to a halt. The financial hit comes from lost production time. In healthcare, the stakes are even higher because a breach can disrupt patient care and compromise sensitive data. Hospitals might face not just financial losses but also regulatory penalties and reputational damage. Each industry has unique pain points that shape how cyber risks play out.
What’s your forecast for the future of cyber risks and how businesses can prepare for what’s coming?
I think we’re going to see cyber risks continue to grow in complexity, with attackers leveraging emerging technologies like AI to craft more targeted and damaging campaigns. Ransomware isn’t going away anytime soon, and we might see more focus on supply chain attacks as businesses become increasingly interconnected. For preparation, companies need to double down on resilience—building layered defenses, regularly testing their systems, and fostering a culture of cybersecurity awareness. Collaboration will also be key, whether it’s sharing threat intelligence or working with insurers to tailor coverage. Staying ahead means being proactive, not just reactive.
