What cyber trends are keeping insurers awake at night and how can SMEs mitigate them? Richard Robertson, Head of Information Security at Pro Global, finds out more.
No one wants to be a victim of a cyber-attack, and many businesses go to great lengths to install the best technology to defend themselves – but despite this, the business of cybercrime is one that continues to grow.
So far in 2021, there have been a host of disruptive attacks – all with staggering ransomware demands to match. Company reputations have been put at stake, and even lives have been put at risk, as was the case in February 2021 when a hacker accessed the chemical control system of the Florida state water supply.[1]
For many, the financial damages have been eye-watering, the most notable being the US$40 million ransom demand paid by US insurance company CNA Financial Corp after hackers locked the company out of its own network. But it isn’t the only one to fall prey to such pressures. As has been reported in the media, around 65,000 successful attacks were carried out in 2020 in the US alone, resulting in an estimated US$350 million of ransom demands being paid.
On the surface, it seems that ransomware demands are being met with little resistance, particularly when the targets are large-scale companies. But small and medium-sized businesses (SMEs) offer cyber criminals potential pickings too, and with potentially fewer investments in online defences, they are just as – if not more – attractive to cyber criminals.
Without question, cybercrime is big business; it is a strategic underworld where vulnerabilities and weak cyber defences are preyed upon – a theme that prevailed during the pandemic as companies increasingly took their businesses and workforce “online”. Insecure firewalls, remote server access, video conferencing and even the simple email quickly became potential gateways into company systems and data files.
According to Finances Online, the most common cyber-attacks experienced by companies are phishing emails, closely followed by network intrusions.[4] But it isn’t just computers at risk; mobile devices present opportunities for scammers too. Text or “smishing” scams, such as the Royal Mail postal redelivery message scam,[5] and even the NHS vaccine scam, were rife during the pandemic, and without knowledge, training and awareness, such attacks will simply continue to increase.
So, what are the cyber challenges facing insurers and SMEs in today’s climate? The most likely scenarios are issues related to the use of cloud services and SaaS platforms. Ransomware 2.0 is now a widely accepted – and expected – form of attack, so ensuring cloud cyber defences are robust and at their absolute best is vital.
Preventative measures
In the face of these increasing attacks, the demand for cyber insurance has rocketed, and insurers are being left to navigate and underwrite a whole new form of risk exposure. But the onus isn’t just on the insurers. Insureds need to get a better understanding of their risk too; for them, mitigating their risks isn’t just about protecting their business, it’s about protecting their customers as well.
Whether it is in the form of technology, or more practical awareness training – such as how to identify phishing emails or text scams – the majority of vulnerabilities can be picked up with a cyber audit.
Audits can even highlight emerging threats, helping to ensure that both insurers – and their insureds – can put all the right preventive measures into place; not only to demonstrate that they are doing all they can to counter cyber threats, but also to protect themselves at the earliest opportunity.