Supply chain attacks are the next big threat in cyberspace: the attacks on Kaseya and SolarWinds have shown in a frightening way how profound and expensive the consequences can be, not least for medium-sized businesses. No company can therefore do without good cyber hygiene, says Michael Daum, Senior Cyber Underwriter at Allianz Global Corporate & Specialty in Central and Eastern Europe.

The employees of the American IT company Kaseya just wanted to enjoy the weekend on which the US was also celebrating Independence Day this year. But the holiday mood at the company's headquarters in Florida quickly came to an end. A cyberattack on the company, which describes itself as a leading provider of IT management and IT security for small and medium-sized enterprises, did not only hit Kaseya itself. The attackers abused Kaseya's software, which managed service providers use to administer their customers' systems, to push ransomware down that chain, so that more than a thousand companies, mainly small and medium-sized enterprises, were affected. Among them was the Swedish supermarket chain Coop, which had to temporarily close around 800 stores because its cash registers no longer worked.

This example shows that a company need not be the direct target of a cyberattack to feel its effects: they arrive via the supply chain. Supply chain attacks are the next big trend in cyberspace, and the experts at Allianz Global Corporate & Specialty (AGCS) observe two main types. First, more attacks target software and IT service providers such as Kaseya and use them as the channel through which malware is distributed. Another example is the SolarWinds attack, disclosed in December 2020, which reached tens of thousands of organizations, all of them users of SolarWinds's Orion software platform. The attackers had compromised the vendor's build process, so that a legitimately signed Orion update carried a backdoor, christened "Sunburst", into the systems and networks of the listed US company's customers. The lesson for defenders is that such an update passes every check a customer can reasonably perform, because it is the vendor's own update: the trust placed in the vendor is exactly what the attacker exploits. Such service providers and software vendors are likely to become prime targets for cybercriminals, since they supply hundreds or thousands of companies with software and a single compromise therefore gives the criminals access to many victims at once.

Second, we are increasingly seeing attacks that hit physical supply chains or critical infrastructure, such as the attack on Colonial Pipeline, the largest refined-fuel pipeline in the US, through which nearly half of the fuel consumed on the US East Coast flows. The ransomware struck the company's IT systems, and Colonial shut down pipeline operations as a precaution; as a result, parts of the country experienced gasoline shortages and airlines also felt the effects.

The attack pattern is similar in both cases: the attackers lock or encrypt their victims' computer systems and demand a ransom for their release (ransomware). Not every attack is targeted. Criminals also often take a shotgun approach and simply hit whichever companies are unconcerned about or unaware of their vulnerabilities and security holes. According to Accenture, the number of cyberattacks worldwide rose by 125% in the first half of 2021 compared with the same period of the previous year, with ransomware and extortion attempts among the main drivers of this increase. According to the FBI and CISA, ransomware incidents in the US increased by 62% in the same period, after a 20% increase over the whole of 2020. These trends in cyber risk are reflected in AGCS's own claims experience: AGCS was involved in more than a thousand cyber claims in 2020, up from around 80 in 2016, and the number of ransomware claims rose by around half compared with 2019. In general, losses from external cyber incidents such as ransomware or distributed denial of service (DDoS) attacks account for the majority of the value of all cyber losses AGCS has analysed over the past six years.

In view of these alarming figures, large companies now have a much better understanding of complex cyber risks and of the options for transferring them, which is feeding into greater risk awareness. Small and medium-sized companies, on the other hand, still have clear catching up to do, as the risk dialogues we regularly hold with companies show. For example, we often find that multi-factor authentication is missing where it matters most, on remote access, privileged IT accounts and remote maintenance connections, or that employees have not been adequately trained to recognize external attacks.

Regular patching, multi-factor authentication and information security training form the basic cyber hygiene that goes a long way toward preventing ransomware attacks. Security tools such as endpoint detection and response (EDR) services and anti-ransomware toolkits help to block attacks and to detect threats early. Reliable response and business continuity plans are just as important for limiting the impact of a ransomware attack: focused preparation and a rapid response make all the difference in managing a crisis. Response plans should be tested regularly against ransomware scenarios, and roles, responsibilities and lines of communication should be clearly defined. Frequent backups of critical systems and data are also essential for limiting the impact and speeding up recovery. Because ransomware operators routinely look for and destroy backups before they encrypt, those backups must be kept offline or otherwise beyond the reach of an attacker who already controls the network, and restoring from them must be practised: a backup that has never been restored is only an assumption.

In the event of a ransomware or other cyber extortion incident, companies should follow their response plan and, in particular, inform senior management and the legal department. If the legal department is involved from the beginning, the risk of class actions or other legal claims arising from the data breach can be reduced. If cyber insurance is in place, the insurer should also be informed from the outset so that it can be verified whether the applicable cyber policy provides coverage.

Even before cover has been finally confirmed, AGCS cyber policyholders benefit from 24/7 access to emergency services. These typically include a professional crisis manager, forensic IT support and legal advice. Another service offered is the free creation of a cyber crisis management plan. Our estimates suggest that in around 80% of ransomware incidents the losses could have been avoided if the companies had followed basic security measures.

These figures show why a reliable response plan above all is so crucial: business interruption and recovery costs are the biggest driver of ransomware losses. The average downtime after a ransomware attack is now 23 days, and total recovery and downtime costs have more than doubled in the past year, from around €700,000 in 2020 to €1.6 million in 2021. When it comes to cyber business interruption, timing is therefore everything. A company that pays the ransom after two weeks to obtain the decryption key has by then already suffered the business interruption loss and incurred the substantial cost of trying to restore systems and data. The cost of forensic experts and legal advisors alone can reach €2,500 per day per head and easily add up to a seven-figure sum.

We encourage our policyholders not to pay ransoms, not least because every payment creates further incentives for the hackers' criminal business model; paying also offers no guarantee that the decryption tool works, and it does nothing to recover data the attackers have already stolen. The decision whether or not to pay is always taken by the affected company itself. The better prepared the company is, the easier it is to do without. In any case, law enforcement should be involved from the very beginning. In Germany, the Federal Criminal Police Office (Bundeskriminalamt, BKA), with which AGCS cooperates, is the responsible authority. It continuously analyses current cybercrime trends and draws conclusions for the fight against cybercrime. This matters because cybercrime can only be prevented and fought successfully in close cooperation between businesses and the security authorities. No one can do it alone.
