Cyber criminals display a variety of motivations and maintain complex relationships which should be considered when underwriting and broking cyber risk, a new report from leading cyber risks analytics firm CyberCube says.
According to the report, Understanding criminal cyber threat actors and motivations, there are three main types of ‘threat actors’: state-sponsored, criminal gangs and hacktivists – groups or individuals who use hacking to effect social or political change.
State-sponsored actors are among the most significant and concerning to the (re)insurance industry and potential victims of cyber crime as they are affiliated with government entities, tend to represent well-funded, well-organized and sophisticated actors with mature procedures and protection from an associated government.
Organised criminal gangs are primarily focused on ransomware – locking up a victim’s data and demanding a ransom payment to decrypt the data – and are evolving their tactics, techniques, and procedures at a rapid rate. Meanwhile, the more influential hacktivists present a very real threat to business and to the cyber insurance market. These organizations play a very dangerous game when putting state secrets and intelligence operations in harm’s way and the potential repercussions of these activities are far reaching.
Darren Thomson, CyberCube’s Head of Cyber Intelligence Services and a co-author of the report, said: “While cyber crime is the subject of considerable research, most of it is focused on specific types of attack. In our view, we need to know more about the threat actors behind these attacks. The more we understand their motivations and allegiances, the more we can predict their moves.
“Our new report focuses on actors with whom the insurance industry should concern itself because they are most likely to inflict cyber attacks on Western democracies and businesses while creating systemic risk that leads to risk aggregation and large financial losses. A greater understanding of the key cyber actors will help the insurance sector predict how and where future attacks could arise and inform estimations of attack frequency and severity.”
Current estimates suggest that global damage related to cyber crime will reach $10.5 trillion by 2025.
Here is CyberCube’s report: Understanding criminal cyber threat actors and motivations.