Ransomware attacks have reached a new peak this year, with WannaCry causing estimated global financial and economic losses of up to $4 billion and infecting 300,00 machines around the world, according to Trend Micro’s security and threats report.
2017s WannaCry and Petya attacks show that cybercriminals are upping their game and diversifying methods to exploit the increasing inter-connectivity of global businesses.
Trend Micro estimates that by 2018, over a million industrial robots will be employed in factories around the world; tests have shown how industrial robots can be compromised through exposed industrial routers or other vulnerabilities.
This year’s systemic ransomware attacks have demonstrated that cyber crime has already reached the same levels of catastrophic loss associated with natural catastrophes or some of the major risks re/insurers cover.
The capabilities of cybercrime to disrupt the value chain on all levels will continue to dramatically increase in the near-term future.
The Trend Micro report said; “Businesses still fall for email scams. According to the Federal Bureau of Investigation, global losses due to business email compromise (BEC) have reached $5.3 billion.
“Based on a random sample set of BEC emails, data revealed that cybercriminals spoofed the CEO position the most while CFOs and finance directors were the top targets of attacks.”
In the current high-level threat environment businesses operate in, security should be a priority for all enterprises, and especially those connected through global online platforms, software, robots, and network defenders and cybersecurity standards makers.
It’s clear that crime has moved online, the cyber threat landscape has evolved to a degree that could place most multinationals at serious risk.
Multi-billion dollar cyber losses catalyse the development of cyber protection and insurance as entities learn from damage assessment, and many in the re/insurance space believe that as analytics, better modelling and pricing metrics improve, cyber risk will present a true commercial opportunity for the industry.
Developing metrics to measure the accumulation of cyber exposure and to accurately price and model risks are mammoth challenges facing the industry.
For many re/insurers, the unprecedented cyber attacks witnessed this year provided a learning opportunity for risk modeling of aggregated cyber risk, as highlighted by Lloyd’s Inga Beale after the Equifax data breach exposed personal information of 143 million Americans and up to 400,000 UK clients.
As data regulation evolves to catch up with the level of threat facing individuals and businesses, undoubtedly firms will begin looking for safety nets to protect against potential landslide losses.
The recent ransomware attacks and data breaches have highlighted just how far-reaching and potentially costly a cyber attack can be, underlining the need for re/insurance capacity, and improved accountability in firm’s handling of the cyber security space.
However, providing cover for one of the largest and most unpredictable emerging risks in a sustainable manner is not low-hanging fruit, and the extent to which re/insurance can take on this risk remains a question – that some of the most prominent figures in the industry – like Swiss Re Chief Executive Officer Christian Mumenthaler who says cyber is probably not insurable, are extremely skeptical about.
