Emerging risks | Growth Opportunities | APAC Insurance

Tuesday, July 14, 2026

Insight by…

Insight by type

Munich Re advocates for government support amid growing cyber risks

Global reinsurer expects insurance GWP to double by 2027, but warns more needs to be done for the potential of catastrophic, systemic events.
Munich re advocates for government support amid growing cyber risks  rein asia
April 11, 2024

 • 

6 min read
The Inaugural Recognising excellence in Asia's insurance industry Find out more Entries close
28 August

(Re)in Summary

• Ransomware has been the main vector of cyber attacks on businesses between 2020 and 2023. 
• Munich Re said that ransomware as a service (RaaS) offerings on the dark web are becoming increasingly sophisticated. 
• Manufacturing is the industrial sector which is most exposed to ransomware attacks over the period surveyed by Munich Re.
• Munich Re called for state-led initiatives to help deal with systemic cyber risks such as war or loss of critical infrastructure.

Ransomware will continue to be the dominant risk and loss driver for cyber insurance according to Munich Re, with the global reinsurer advocating for governments to jointly manage the growing potential for catastrophic, systemic risks.

The German firm made the comments in a report released ahead of the publication of its Cyber Risk and Insurance Survey 2024.  

According to research by the Munich Re Cyber Data Analytics Team ransomware was the leading cause of cyber insurance losses for the period 2023, with technological and tactical advances by criminals in this area suggesting it will remain the primary cyber threat to businesses.

The reinsurer warned that large-risk events threaten macroeconomic stability and urged for public-private partnerships as a precautionary measure of last resort.

While a number of sectors fell victim to this form of cyber attack, manufacturing was identified as the industry with the highest number of ransomware claims.

The reinsurer said that the cyber-attack market was evolving and that even more competitive Ransomware-as-a-Service (RaaS) models will become available to bad actors on the dark web.

The global cyber insurance market is growing and was worth US$14bn in 2023 according to Munich Re, which estimated the market would reach US$29bn in size by 2027. 

“Showing significant growth potential, the market is driven by the awareness of the increasing frequency and sophistication of cyber-attacks, including the potential financial repercussions, as well as by stricter regulatory requirements,” the Munich Re report said. 

Munich Re said that it expected hackers’ capabilities to be further enhanced by AI. This will enable a high degree of automation in hacking processes and lead to a strong individualisation of attacks – such as translating phishing emails into multiple languages by AI. 

Extortion methods

Munich Re experts also expect a further diversification of extortion methods beyond encryption, continuing the shift already observed from a focus on data for extortion towards exploitable data for sale, potentially targeting employees, suppliers, customers and other third parties.

The German firm said that it expected to see an increase in insurance claims linked to business email compromise (BEC) and business communication compromise (BCC) in the future. 

BCC and BEC attacks typically deceive people within companies into performing harmful actions, such as making unauthorised payments or releasing sensitive data.

Examples of BEC and BCC attacks include CEO fraud, where hackers pose as executives and instruct employees to transfer money and again advances in AI are likely to power this type of criminal activity Munich Re said. 

The reinsurer cited research from Crypto firm Chainanalysis which said that BECs caused US$3bn of losses globally and the number of cases in 2023 alone doubled. 

Low-hanging fruit

The average cost to a company from suffering a breach reached an all-time high of US$4.4m last year according to data quoted by Munich Re.   

“As scammers seek to harvest comparatively low-hanging fruit, BEC remains a top attack vector, especially since it is easy to carry out and requires virtually no technical knowledge while reaping very high rewards. 

It is not only email that is used as a gateway, but also all communication platforms and social media channels. 

Needless to say, BEC and BCC attacks not only cause high financial losses, but also lead to an erosion of trust and reputational damage,” Munich Re said. 

“As scammers seek to harvest comparatively low-hanging fruit, BEC remains a top attack vector, especially since it is easy to carry out and requires virtually no technical knowledge while reaping very high rewards. “

Munich Re

Job title

The increasing focus on cyber securities by authorities globally has sparked a rash of consumer data protection regulation. 

Munich Re said that by the end of 2024 privacy regulation will cover three quarters of consumer data worldwide, but that 60% of global entities faced challenges complying with  intensifying data protection regulation and privacy requirements.

“The value and criticality of data, together with governing data regulation and underlying issues regarding liability, will further push the emergence of more groups offering hack-for-hire and data theft services,” said Munich Re.  

Munich Re said that while cyber insurance was helping create a layer of business resilience to hackers there was a limit to how much support could  be offered. 

Just as flood and terrorism risk have been underwritten by public-private sector initiatives Flood Re and Pool Re respectively Munich Re there was a need for a state-led response to deal with catastrophic systemic events like cyber war or outage of critical infrastructure. 

“Such scenarios pose a threat to macroeconomic stability which is why societies need the involvement of governments to manage these potentially catastrophic cyber risks. 

Munich Re can and will support the development of solutions and clearly advocates for the implementation of economic cyber protection as a precautionary measure of last resort,” the reinsurer said. 

Jürgen Reinhart, Munich Re’s Chief Underwriter Cyber warned that the most severe systemic cyber risks can’t be borne by the private sector. 

“We are prepared to help governments to jointly manage these potentially catastrophic, systemic risks for our societies, by seeking alternative solutions,” he said. 

The Inaugural Recognising excellence in Asia's insurance industry Find out more Entries close
28 August