The threats that are posed by new technologies such as artificial intelligence (AI), which had consistently reduced since 2021, is now predicted to be a growing threat for the next 12 months ahead, according to Beazley’s latest Risk & Resilience report: Spotlight on: Cyber & Technology Risks 2023.
The report highlighted key areas such as ransomware and other cyber-attacks to the threats posed by AI.
The economic impact of cybercrime on business across the globe continues to reach new levels, with the cost predicted to reach US $10.5 trillion by 2025, according to research by Cybersecurity Ventures. However, boardroom focus on cyber risk appears to be diminishing. The perceived threat of cyber risk to global business leaders peaked in 2021 at 34%, and over the past two years, the risk perception has dropped to 27%.
According to Beazley, in 2024, it is predicted to remain at 27% whilst business preparedness for this risk continues to decline.
Elsewhere, as cyber fears decrease, the technological risk landscape has fragmented, with executives growing concerned about the perceived threat posed by disruptive new technologies, such as AI, as the risk of cybercrime.
Beazley highlights that failing to keep pace with technology and adapting to new innovations is an issue that 26% of global business leaders identified as their key technological concern. But, at the same time, resilience to this threat is on the decline with 21% of all businesses saying that they cannot maintain the pace of change.
Another noteworthy statistic is that leaders are also beginning to turn their attention to other concerns such as the risk of theft of their intellectual property (IP) with 24% of business leaders ranking it as their top risk in 2023, more than double what it was in 2021 (11%).
It is also worth highlighting that IP theft has become the cyber and technology risk for which businesses across the global feel the least prepared for, with more than one in four businesses (26%) reporting they feel “ill-equipped” to mitigate this risk.
Despite overall concern around cybercrime tracking downwards, Beazley stated that small and medium sized businesses (SMEs) are increasingly aware of their limited ability to mitigate cybercrime threats and the specialist insurer’s data suggests they feel more exposed than ever.
Companies with an annual revenue of US $250,000 to US $999,999 report feeling less prepared to deal with cyber risks in 2023 (76%) than they did in 2022 (70%).
Beazley’s data heavily outlines how cyber hacking groups are becoming more specialised and diversified, with some groups now using SME’s security systems as a training ground for new hackers to learn their trade.
Paul Bantick, Group Head of Cyber Risks, Beazley, said: “Business leaders are finding it a struggle to keep up with the constantly evolving cyber threat. But worryingly they appear less concerned by cyber risk than a couple of years ago. This could be because they have been lulled into a false sense of security as the war in Ukraine led to a temporary reduction in the ransomware threat level when a number of cyber gangs splintered, but this situation is only temporary and should not be viewed as the new normal.
“As the MOVEit hack has proved, the bad actors are always looking for new ways to attack with tactics ranging from third party supplier attacks to more sophisticated social engineering and phishing attack techniques. Businesses of all sizes and across all industries cannot afford to take their eye off the ball, just at a moment when cyber criminals are starting to look to make up for profits lost over the past 18 months.
“The emergence of AI and other tech innovations as well as the increase in concerns over IP theft are now front of mind for many business leaders globally. These threats are fast evolving and unfamiliar, with many companies being caught on the back-foot when dealing with the risk. For the insurance industry, working with clients to help them tackle these challenges is vital to ensuring businesses operate in as safe an environment as possible. We need to continue to work with our clients to explain how they can improve their resilience to cyber and technology risks, and encourage them to adopt a defence in depth risk mitigation strategy.”
