A new report from CyberCube says that cyber criminals display a variety of motivations and maintain complex relationships, which should be considered when underwriting and broking cyber risk.
The report – Understanding criminal cyber threat actors and motivations, states that there are three main types of threat actors: state-sponsored, criminal gangs, and hacktivists.
CyberCube notes that state-sponsored actors are among the most significant and concerning to the re/insurance industry and potential victims of cyber crime.
State-sponsored actors are affiliated with government entities and, as a result, tend to represent well-funded, well organised and sophisticated actors with mature procedures, and protection from an associated government.
The report highlights how state-sponsored actors’ objectives tend to align with the government entity that sponsors them.
Moreover, the report states that organised criminal gangs are primarily focused on ransomware and are evolving their tactics, techniques, and procedures at a rapid rate.
In addition, the more evolved criminal gangs have even turned their attention in recent years to providing sophisticated hacking tools to other, affiliate cyber criminal gangs via a software-as-a-service (SaaS) distribution method, which is known as ransomware-as-a-service (RaaS).
The report also addresses how influential hacktivists present a very real threat to business and to the cyber insurance market, as these organisations play a very dangerous game when putting state secrets and intelligence operations in harms way, and the potential repercussions of these activities are far reaching.
Furthermore, CyberCube states that it expects to see more activity from nation state cyber threat actors in the coming years. The number of nation states who now see cyber capability as key to their strategic, national objectives is increasing, and many nation states are maturing their capabilities at a rapid pace.
At the same time, CyberCube notes that current estimates suggest that global damage related to cyber crime will reach $10.5 trillion by 2025.
Darren Thomson, CyberCube’s Head of Cyber Intelligence Services and a co-author of the report, said: “While cyber crime is the subject of considerable research, most of it is focused on specific types of attack. In our view, we need to know more about the threat actors behind these attacks. The more we understand their motivations and allegiances, the more we can predict their moves.
“Our new report focuses on actors with whom the insurance industry should concern itself because they are most likely to inflict cyber attacks on Western democracies and businesses while creating systemic risk that leads to risk aggregation and large financial losses. A greater understanding of the key cyber actors will help the insurance sector predict how and where future attacks could arise and inform estimations of attack frequency and severity.”
Meanwhile, according to Howden’s newest annual report – A Hard Reset 2.0, the average cost of cyber coverage is more than double what it was last year.