Preventive measures

Cybercrime: insurer pleads for protective shields

According to reinsurer Munich Re, the potential damage from cyberattacks is now so great that preventive protective shields would make sense. The damage caused by "catastrophic systemic events" - such as cyber warfare or the failure of critical infrastructure - would exceed the capacities of the insurance industry, the experts write in a report on cybercrime published on Thursday.

As such scenarios could threaten macroeconomic stability, the company advocates the involvement of governments in order to keep the risks manageable. Munich Re refers to estimates by the statistics platform Statista, according to which the global losses caused by cybercrime could rise from a good eight trillion dollars (around 7400 billion euros) in 2023 to 13.8 trillion dollars by 2028.

According to the report, two factors are contributing to the increasing risks: Technical progress, including artificial intelligence (AI), is making business easier for perpetrators. In addition, some states are directly involved in cyber attacks or at least support criminal gangs. 

"The era of generative artificial intelligence has only just begun," says Munich Re expert Martin Kreuzer. "The use of artificial intelligence also allows criminal actors to achieve economies of scale through a qualitatively new level of automation, for example in phishing emails. Even in 2024, these will still be by far the most common gateway for cyber attacks."

In the legal business world, the term "economies of scale" means advantage through size - the more a company can produce of a product, the more favorable the manufacturing costs in proportion. According to Kreuzer, a similar mechanism also works in criminal business.

Advantages of AI for both sides
Phishing emails are designed to encourage recipients to click on malicious links to install computer viruses, disclose data or engage in personal contact with fraudsters. "AI also makes it easier to personalize such messages and helps attackers to identify how they can target which people with which topics," said Kreuzer.

As an example, he cited automated monitoring of social media accounts, which allows the perpetrators to collect information about potential addressees.

Large hacker groups would also develop their own generative AI in future and train it for malicious purposes, said Kreuzer - "for example to discover vulnerabilities in IT security".

However, Kreuzer emphasized that AI is not only useful for the perpetrators, but can also facilitate defense. "On the other hand, AI also enables more effective cyber defense, for example in the detection of anomalies and via automated feedback."

Still inadequate protection
In general, the reinsurer believes that protection against cyber attacks is still inadequate. "Expertise in the field of IT security is still thin on the ground," said Kreuzer. "In addition, appropriate investment in technology is needed and, as a third step, the processes to use the technology effectively in line with the respective needs."