Hilary Tuttle has an article in Risk Management (rmmagazine.com/2021/02/01/2021-cyberrisk-landscape/) on current cyber risks. (Warning - the web site is not secure -what irony!)
The risks created or exacerbated by the pandemic -phishing, remote working, dependence on digital systems and online transactions, targeting healthcare organizations - will continue in 2021.
Connected technologies are a major risk. Accenture's State of Cyber Resilience 2020 reported 40% of cyber attacks came from weak links in supply chains. Successful supply chain attacks on one organization enable the attackers to compromise hundreds or thousands more. This creates a risk of large aggregate losses. Online learning, telemedicine and remote desktop protocol are all targets for attackers. Cloud based attacks will increase.
As seen in the SolarWinds attack, nation states are a major threat.
Ransomware continues to increase, and organizations that do not prepare may be penalized. In addition to direct costs, they may face higher premiums and possible non-renewal. Ransomware attacks also include extortion demands with threats to publish confidential information, targeting individuals and organizations.
Health care organizations had the largest share of breaches in 2020. According to Tenable's 2020 Threat Landscape Retrospective, ransomware and email compromise combined for 71% of the breaches. Healthcare records are up to 50 times more valuable on the black market than other data, making them an attractive target. With resources strapped from fighting the pandemic, the industry will be poorly equipped to fight back.
Regulatory fines under the GDRP have been growing, and stricter data protection laws have been enacted in California, Canada and Brazil.
As posted last month, disinformation and deep fakes will be a major threat.
Home networks are now work networks. The line between business and personal use has been blurred. Cyber criminals are targeting remote workers, and any "smart" device can be an entry point. The "Internet of Things" has become the "Internet of Threats". When remote workers let family members, even children, have access to work devices (and they do) the danger of a breach to organizations increases. In addition to direct costs, these breaches can result in regulatory fines, legal action and reputation damage.
All of these threats have an effect on the insurance market. The hard market in other lines has come to cyber insurance; estimated rate increases are 20-40% for middle market and over 30% for larger organizations. Policy terms can become more restrictive. Check your renewal policy for new forms and exclusions as well as higher premiums. At Beacon we will continue to monitor and advise of market changes.