Global insurance and reinsurance broker Aon has published a new report that details the greatest cyber security threats and challenges to organisations in 2019, highlighting both the significant opportunities and risks that new technologies bring.
The 2019 Cyber Security Risk Report identified eight key areas where business are likely to face the biggest cyber security challenges going forward.
Chief amongst these was technology, which Aon said was “exponentially” increasing the number of touch points that cyber criminals can access and requiring business to adapt to a radically different set of risks.
Developments in the supply chain will also heighten cyber risks dramatically, analysts claimed, as the amount of operational data exposed to cyber adversaries expands and as companies increase their reliance on third-party vendors and service providers.
Both of these trends present attackers with new openings into supply chains, and will require board-level, forward-looking risk management in order to sustain reliable and viable business operations.
Similarly, the report noted that cyber exposure will increase alongside the development of Internet of Things (IoT) devices, which many companies do not securely manage or inventory, and which are already resulting in breaches.
Further connectivity to the internet across business operations expands the attack surface of a company and makes it easier for attackers to move laterally across an entire network, Aon added.
However, it is often simply employee errors that cause cyber breaches, and the report stressed that it is imperative that companies establish a comprehensive approach to mitigate insider risks, including strong data governance, communicating cyber security policies throughout the organization, and implementing effective access and data-protection controls.
Commenting on these exposures from the insurance point of view, Catherine Mulligan, Head of Cyber for Aon’s Reinsurance Solutions business, said: “Insurers need to proactively address silent cyber across their portfolios.
“The good news is that insurers can access the analytics to model the extent of the exposure, especially if underwriting high-risk sectors like manufacturing.”
“Being aware of aggregations is critical,” she continued. “Aon’s dam cyberattack scenario is an example of identifying, modelling and testing assumptions on technology failure points. This analysis can also help free up capital so insurers can write more business.”
Aon also pointed to the increased pace of cyber regulation enforcement in 2018 in the form of laws, rules, and standards, which are designed to protect and insulation businesses and their customers.
“UK insurers will be mandated by the PRA to produce silent cyber mitigation strategies by June 2019 to manage this growing risk which in turn will see increased demand for cover, Mulligan explained.
“To seize new opportunities, insurers can pursue white labelling/bolt-on products to enter a new line of business and set out a strategy for profitability.”
J. Hogg, Chief Executive Officer (CEO) of Cyber Solutions at Aon, also commented on the report: “In 2018 we witnessed that a proactive approach to cyber preparation and planning paid off for the companies that invested in it, and in 2019, we anticipate the need for advanced planning will only further accelerate.”
“Leaders must work to better insulate their companies and their processes, while simultaneously identifying the ways they can benefit from the opportunities offered through technology and digital transformation.”
Hogg explained that organisations also need to recognise the need to share threat intelligence across their own network, as well as with other companies.
“While it may seem counterintuitive when thinking about cyber security, collaboration within and across enterprises and industries can keep private data of companies and individuals alike safer,” he said.
“Working together can result in improved efforts to hunt bad actors, while also raising the bar and making all parties more prepared for the inevitable day when a disruption does happen.”
