Climate change and cyber risks top the list of concerns according to AXA Future Risks Report 2021. Moreover, for the first time, cyber risk takes the lead in the United States and the second place in all other geographies.
The percentage of experts selecting cyber security among their top five risks has increased from 54% in the 2018 survey to 61% this year. Only 26% of our experts believe that governments are prepared for cyber security risks, a figure that has not improved since we first asked the question in 2019.
When asked what kind of aspect of cyber security risk prompted them to choose this risk among their top five, experts were most likely to select “shutdown of essential services and critical infrastructure (47%) and “cyber extortion and ransomware” (21%)
Among the public, awareness of these risks has not yet reached the same levels. The public ranked cyber security risk two places lower than the experts at fourth overall – and when asked why they chose that risk, they were more likely than experts to nominate the alternative options of “identity theft” (30%) and “loss of privacy” (18%) instead.
AXA predicted the number of “significant cyber incidents” in 2021 would hit an all-time high of 144, versus just 26 a decade ago and only one back in 2003. However, it was unclear what qualified as “significant.”
The report argued that the surge in serious events has increased the urgency to “clarify the roles of the state and insurers in helping to secure vital economic functions.” It added that greater public-private cooperation was needed to improve protections for essential public services.
The prospect of established global rules to govern cyberspace is as distant as ever, AXA claimed.
“Ideally, a mix of punitive actions and diplomacy would establish norms for governments to keep cyber-espionage within limits, and not tolerate ransomware gangs operating from their territory,” it argued.
“Espionage will likely continue, since states have strong incentives to try to gain surreptitious access to their adversaries’ networks and a growing market in hacking-for-hire services is bringing advanced hacking tools into the reach of more state actors.”
In the future, insurers, governments and multi-national organizations must work together more closely to define what constitutes cyber-related acts of war, the report concluded. It pointed out that this is because it gets increasingly difficult to differentiate and categorize various incidents.
Insurers traditionally don’t cover acts of war, which has led to expensive lawsuits in the past over these definitions.