MUNICH (dpa-AFX) - According to reinsurer Munich Re, the potential damage from cyber attacks is now so great that preventive protective shields would make sense. The losses caused by "catastrophic systemic events" - such as cyber warfare or the failure of critical infrastructure - would exceed the capacities of the insurance industry, write the experts at the Munich-based DAX-listed company in a report on cybercrime published on Thursday.
As such scenarios could threaten macroeconomic stability, the company advocates the involvement of governments in order to keep the risks manageable. Munich Re refers to estimates by the statistics platform Statista, according to which the global losses caused by cybercrime could rise from a good 8 trillion dollars in 2023 to 13.8 trillion dollars by 2028.
Two factors are contributing to the increasing risks: Technical progress, including artificial intelligence (AI), is making business easier for the perpetrators. In addition, some countries are directly involved in cyber attacks or at least support criminal gangs. The company did not name any specific countries, but security experts often blame Russia and China.
Phishing emails as a gateway for cyber attacks
"The era of generative artificial intelligence has only just begun," says Munich Re cyber expert Martin Kreuzer. "The use of artificial intelligence also allows criminal actors to achieve economies of scale through a qualitatively new level of automation, for example with phishing emails. Even in 2024, these will still be by far the most common gateway for cyber attacks."
In the legal business world, the term "economies of scale" means advantage through size - the more a company can produce of a product, the more favorable the manufacturing costs in proportion. According to Kreuzer, a similar mechanism also works in criminal business.
Phishing emails are designed to encourage recipients to click on malicious links to install computer viruses, disclose data or engage in personal contact with fraudsters. "AI also makes it easier to personalize such messages and helps attackers to recognize how they can target which people with which topics," said Kreuzer. As an example, the cyber expert cited automated monitoring of social media accounts, with which the perpetrators can collect information about potential addressees.
AI useful on both sides
Large hacker groups would also develop their own generative AI in future and train it for malicious purposes, said Kreuzer - "for example, to discover weaknesses in IT security".
However, Kreuzer emphasized that AI is not only useful for the perpetrators, but can also facilitate defense. "On the other hand, AI also enables more effective cyber defense, for example in the detection of anomalies and via automated feedback."
In general, the reinsurer believes that protection against cyber attacks is still inadequate. "Expertise in the field of IT security is still thin on the ground," said Kreuzer. "In addition, appropriate investment in the technologies is needed and, as a third step, the processes to use the technology effectively in line with the respective needs."
Germany is "not the country with the highest level of digitalization", said the cyber expert. "Politicians have recognized the importance of AI, but it remains to be seen whether there is the will and budget for rapid implementation in Germany."/cho/DP/mis