Advisen Loss Insight: Europe’s cyber landscape

By Erin Ayers on July 9, 2015

With the European Union considering its final moves toward tougher privacy regulations, Advisen Loss Insights database offers a look at the cyber-related events in Europe in recent years. The recorded occurrences tend to most frequently affect the services industry (a wide-ranging category of businesses excluding wholesale and retail) at 36 percent of all events and public administration at 29 percent. The finance, insurance, and real estate sector represents a close third for cyber events, at 17 percent. It is interesting to note that the wholesale and retail industry only accounts for 4 percent of all events, unlike the U.S., which sees many more retail breaches overall. This may also be attributed to fewer notification requirements in Europe.

In Europe, the services category has increased in event occurrence over the last five years, outpacing growth in the public administration sector. Finance, insurance, and real estate entities also began seeing more events as of 2011, growing fairly steadily.

Most privacy or cyber-related events in Europe tend to result in relatively low losses — but several cases show theft of between $1 million and $2 million by way of several common cyber culprits including spear phishing emails, employee theft, malicious hacking events and fines levied by financial authorities against businesses.

European cyber and privacy events occur through a fairly even mix of avenues While servers and websites are frequently hacked, the “other” cause of loss category ranked the highest. One such case which affected American Express’ European division involved the loss of USD$300 million via electronic “skimmer” machines installed with the help of dishonest cashiers at gas stations, supermarkets, and hotels throughout Europe. The scheme originated in Kenya and was tracked back to its source by the Central Bank of Kenya’s fraud unit.

Personal privacy, perhaps more than in the U.S., ranked as the dominant type of loss for European cyber-related cases. This reflects recently revealed concerns by Europeans that businesses and governments will misuse data or collect it without express permission from the public. One high-profile case involved a lawsuit against Trinity Mirror, publisher of the UK tabloid Daily Mirror for hacking the cellphones of several celebrities in search of gossip to publish. A court ultimately awarded the plaintiffs 1.2 million pounds as restitution.

erin.ayers@zywave.com'

Erin is the managing editor of Advisen’s Front Page News. She has been covering property-casualty insurance since 2000. Previously, Erin served as editor-in-chief of The Standard, New England’s Insurance Weekly. Erin is based in Boston, Mass. Contact Erin at [email protected].