Major cyber incidents can decrease shareholder value 9%
Ransomware claims increased 38% between Q4 2022-Q1 2023, according to Aon.
Companies that have a major cyber incident can see a 9% drop in shareholder value in the year following the incident, according to Aon plc. For companies hit extremely hard by a cyber incident, the decline in shareholder value can be as much as 21%.
These drops in value show how important it is that companies proactively manage cyber risks.
Conversely, companies that successfully manage a cyber event have seen an average increase in value of 18%, above market trends. Aon noted that these companies act swiftly, effectively minimize damage and control the reputational narrative to the benefit of their brands.
“We observe that the C-suite increasingly sees that cyber events have the potential to impact all areas of their business,” Christian Hoffman, global cyber leader for Aon, said in a release. “Achieving cyber resilience is a recurring theme in board room discussions and the threat is now being addressed from a holistic risk perspective.”
This news comes as the cyber market has been softening, due in part to a drop in ransomware activity. During the opening quarter of 2023, cyber insurance rates increased 8.4% compared with 15% average increases seen in the final quarter of 2022, according to AM Best, which noted the effects of price moderation are yet to be seen.
According to Marsh, increased competition in the sector, better cybersecurity measures and a drop in ransomware attacks in 2022 each have a role in the current rate environment.
While the cyber and E&O markets have been stable, with new capacity and lower loss ratios, “the underwriting process remains rigorous,” according to Aon.
While ransomware events dropped 16% from 2022’s third to fourth quarters, Aon reported that from Q4 2022-Q1 2023 the number of ransomware claims increased 38%.
According to Aon, access management, business resilience and data security/patch management are the critical cyber controls that insurers are focused on, as these measures can help reduce the probability or severity of a ransomware event.
Related: