Jessica joined RWA in 2018, having graduated with a First Class Honours degree in Film Studies. Her role as a content designer involves developing new and engaging e-learning modules as well as assisting in the creation of articles for Insight.
What Cyber Risks Pose the Biggest Threats to Businesses in 2023?
Cyber-attacks have been increasing in frequency, scale, and sophistication in recent years. Cybercriminals are using new tactics and techniques to breach organisations' defences and encrypt their data, making it difficult for businesses to recover without paying a ransom.
As a result, insurance policies are constantly having to evolve to keep up with the changing landscape, but they are also becoming more complex. Insurers need to have a deep understanding of the risks and exposures to be able to provide effective coverage for ransomware attacks.
A Mutating Threat
According to the World Economic Forum report, one of the biggest potential risks is a “mutating” threat, which could have catastrophic implications on a global scale should it ever occur. This cyber threat could take the form of an AI-enabled virus that transforms as it infects various systems and organisations, to evade defence systems or even detection. The increasing digitisation of society, social and economic changes brought on by the Covid-19 pandemic, and political instability, such as the war in Ukraine, are all leading factors in how this threat could grow over the next few years.
Ransomware
Ransomware is a type of malicious software that encrypts a company's files and data, making them inaccessible until a ransom is paid to the attacker. This can cause significant disruption to a business, including lost productivity and revenue.
A ransomware attack can have far-reaching consequences. In January this year, the Royal Mail suffered a ransomware attack by the cybercriminal cartel LockBit. The attack caused significant disruption to its overseas dispatch systems and caused almost a month’s worth of delays, some of which are still ongoing.
The cost of ransomware attacks has been increasing over time, with the average demand for ransom payment reaching the millions. In the case of the Royal Mail ransomware attack, LockBit initially demanded £66m, which was rejected as an “absurd” amount by the Royal Mail. The amount was then dropped to approximately £47m.
In addition to monetary cost and lost productivity, reputational damage and legal liabilities can add up quickly, making ransomware attacks a costly problem in more ways than one for businesses.
Another potential risk with ransomware attacks is that the hacker becomes frustrated that their demands are not being met, or that a company’s prevention measures are cutting off their access to larger systems. This may result in them deciding to retaliate by carrying out a ‘wiper attack’, irreversibly erasing the data they already have access to, or by leaking the data, regardless of whether the demand has been met. The result is a no-win situation for all those affected.
Phishing, social engineering and human error
Hackers are relying more on social engineering and human error by setting up convincing scams that trick their victims into unintentionally leaving their systems exposed to an attack. These risks are the most common cyber threats a business can experience. Social engineering attacks are used to manipulate victims into a false sense of security, playing on the victim’s trust that the person on the other end of the channel is who they claim to be.
Phishing scams are the best-known technique of social engineering. Phishing attacks involve the hacker sending out multiple emails or text messages, or making phone calls, while pretending to be a legitimate source, to trick the victim into disclosing sensitive information, such as a password or bank details.
We covered several reports last year and looked at the impact on the businesses that have fallen victim to these types of cyber-attacks.
One method that is increasingly being recognised is where the victim is bombarded with false two-factor authentication messages until the victim accidentally accepts the request, thus giving the hacker a way into their systems.
Even the most effective software cannot provide adequate protection from these cyber threats as they are becoming more and more sophisticated. As we have already seen, it is a constantly evolving threat, which means insurers also need to adapt to remain vigilant and work towards increasing resilience so that they themselves don’t become the next victim.