With cyber criminals becoming more sophisticated by the day, businesses must act now to shore up their defenses.
As recently as five years ago, cyber risk was widely perceived as a technological challenge. Protected by firewalls and virus protection software – not to mention the company IT departments’ benign oversight – workers rarely worried about their cyber safety.
Today’s cyber crime landscape is vastly more sophisticated and challenging than it was just a few short years ago. Blunt-edged mass efforts to steal information have been eclipsed by hacktivists seeking to disrupt business and commerce on a global scale. The Global Risks Report 2021, published by the World Economic Forum in partnership with Zurich Insurance Group, cites technology as two of the top five biggest risks facing the world in the next two years, one of which is cybersecurity failure – ranked by 39% of respondents as a significant short-term risk.
According to the report, the rapid digitalization of human interactions and the workplace has also expanded the suite of essential digital skills, including communication, cyber safety and information processing. The issue lies, however, in the requirements for upskilling and reskilling people to deal with the new issues, which will need significant investment. Between 2006 and 2020, the United States faced 156 significant cyberattacks (defined as cyber attacks on a country’s government agencies, defence and high-tech companies, or economic crimes with losses equating to more than a million dollars), and the United Kingdom was in second place, albeit some way behind, with 47. With the continued threat of these happening, and not just to countries without the infrastructure to deal with them, organisations need to ensure they are well-equipped first to defend against them, and second to have recovery plans in place should one occur.
Getting ahead of this challenge has forced a paradigm shift for insurance companies, replacing the traditional model of risk transfer with one which emphasises end-to-end cyber resilience, including risk identification and threat protection, as core functions.
This is necessitated by the sheer scale of the challenge, which is accelerated by the increased adoption of advanced technology and digitalisation. The benefits of digital adoption are undisputed, and it is essential for a business to digitalise if it wants to remain competitive and efficient.
Yet the impact of cyber risk pervades nearly every aspect of our lives.
Even as advanced malware and AI continue to push “crimeware” technological boundaries, another sinister threat that’s recently seen a sharp increase is business email compromise, or BEC. Rather than relying on malware or links to malicious websites, which can be easily detected by many of today’s advanced cyber threat tools, BEC uses sophisticated social engineering, involving reconnaissance techniques such as mining social media profiles, to create painstakingly targeted, realistic phishing e-mails.
While technology to detect and block these attacks continues to get more effective, it often requires a wary recipient to recognise the most sophisticated of these targeted phishes that are specially crafted to evade traditional cyber defensive technology.
With the challenge on such an epic scale, insurers and policymakers may be left with no choice but to consider the feasibility of government-backed reinsurance schemes, similar to those addressing natural catastrophes and terrorism. This would require increasing cooperation on global governance.
This is high on the agenda for the World Economic Forum’s Global Centre for Cybersecurity, which is working with multiple stakeholders – including Zurich Insurance Group – to establish a common taxonomy through which information about cyber-attacks – and what can be done to protect against them – is freely shared. Only once that happens can we truly say the cyber threat is under control.