Ransomware remains a top cyber risk for businesses, but new threats emerging
- Written by Reporters
- Allianz Global Corporate & Specialty cyber report: Growing cost of ransomware attacks impacting businesses of all sizes
- Sophistication and frequency of business email compromise attacks also increasing
- Emerging risk trends include: heightened risk of state-sponsored attacks, the evolving third party liability landscape, a shortage of cyber security professionals, and cyber governance under increasing ESG scrutiny
- Better cyber risk insights help create a sustainable cyber insurance market
Double and triple extortion now the norm
"The cost of ransomware attacks has increased as criminals have targeted larger companies, critical infrastructure and supply chains. Criminals have honed their tactics to extort more money," Sayce explains. "Double and triple extortion attacks are now the norm – besides the encryption of systems, sensitive data is increasingly stolen and used as a leverage for extortion demands to business partners, suppliers or customers." Ransomware severity is likely to remain a key threat for businesses, fueled by the growing sophistication of gangs and rising inflation, which is reflected in the increased cost of IT and cyber security specialists. Increasingly, smaller and mid-sized companies which often lack controls and resources to invest in cyber security are being targeted by gangs as larger businesses invest more heavily in security. Gangs are also using a wide range of harrassment techniques, are tailoring their ransom demands to specific companies and are using expert negotiators to maximize returns.Sophisticated scams
Business email compromise (BEC) attacks continue to rise, facilitated by growing digitalization and availability of data, the shift to remote working and, increasingly, 'deep fake' technology and virtual conferencing. BEC scams totalled $43bn globally from 2016 to 2021 according to the FBI, with a 65% spike in scams between July 2019 and December 2021 alone. Attacks are becoming more sophisticated and targeted with criminals now using virtual meeting platforms to trick employees to transfer funds or share sensitive information. Increasingly, these attacks are enabled by artificial intelligence enabling 'deep fake 'audio or videos that mimic senior executives. Last year, a bank employee from the United Arab Emirates made a $35mn transfer after being misled by the cloned voice of a company director.The threat of cyber war
The war in Ukraine and wider geopolitical tensions are a major factor reshaping the cyber threat landscape as it increases the risk of espionage, sabotage and destructive cyber-attacks against companies with ties to Russia and Ukraine, as well as allies and those in neighboring countries. State-sponsored cyber acts could potentially target critical infrastructure, supply chains or corporations. "As yet the war between Russia and Ukraine has not led to a notable uptick in cyber insurance claims, however it does point to a potentially increased risk from nation-states," Sayce explains. Although acts of war are typically excluded from traditional insurance products, the risk of a hybrid cyber war has accelerated efforts in the insurance market to address the issue of war and state-sponsored cyber attacks in wordings and provide clarity of cover for customers. AGCS experts identify a number of other trends in the Cyber: The changing threat landscapereport including:- Hackers zero in on vulnerable supply chains: Supply chain attacks – whether on critical infrastructure such as the Colonial Pipeline or on cloud services – have emerged as a significant risk. Increasingly, ransomware gangs use the threat of disruption to pressure firms into paying ransoms, with manufacturing companies particularly vulnerable.
- Cloud outsourcing: Companies continue to shift their services and data storage on to the cloud, despite growing concerns around security and risk aggregation. By relying on a small number of providers for cloud services or cyber security, society is creating large concentrations around a few single points of failure. It is a common misconception that the outsourcing or cloud vendor will assume full responsibility in the event of an incident.
- Third-party liability, including fines and penalties, is becoming more relevant with advances in technology, organizations collecting more information and enforced data privacy regulation. Almost any cyber incident – including double-extortion ransomware – can lead to litigation and demands for compensation from affected parties.
- A shortage of professionals is hindering efforts to improve cyber security. While there is growing awareness among boards, the number of unfilled cyber security jobs worldwide has grown 350% over the past eight years to 3.5 million, estimates show, meaning many companies struggle to hire, impacting their ability to improve their cyber security posture.
- Cyber security increasingly seen through the ESG lens. Today, companies' cyber security resilience is scrutinized by far more stakeholder groups than in the past. Increasingly, cyber security considerations are incorporated into the ESG risk-analysis frameworks of data providers, who look into companies' practices to evaluate their preparedness for cyber crime. Making sure a company's cyber processes and policies are understood at the board level and that risk monitoring processes are in place has never been more important.
The issuer is solely responsible for the content of this announcement.
About Allianz Global Corporate & Specialty
Allianz Global Corporate & Specialty (AGCS) is a leading global corporate insurance carrier and a key business unit of Allianz Group. We provide risk consultancy, Property-Casualty insurance solutions and alternative risk transfer for a wide spectrum of commercial, corporate and specialty risks across nine dedicated lines of business and six regional hubs. Our customers are as diverse as business can be, ranging from Fortune Global 500 companies to small businesses. Among them are not only the world's largest consumer brands, financial institutions, tech companies and the global aviation and shipping industry, but also floating wind farms or Hollywood film productions. They all look to AGCS for smart solutions and global programs to their largest and most complex risks in a dynamic, multinational business environment and trust us to deliver an outstanding claims experience. Worldwide, AGCS operates with its own teams in more than 30 countries and through the Allianz Group network and partners in over 200 countries and territories, employing around 4,250 people. As one of the largest Property-Casualty units of Allianz Group, we are backed by strong and stable financial ratings. In 2021, AGCS generated a total of €9.5 billion gross premium globally. For more information please visit our website www.agcs.allianz.com
Source https://www.media-outreach.com/news/germany/2022/10/26/172350/