The views expressed in this article are not necessarily those of the FIA. The article below was supplied by 2018 FIA partner, AIG.
AIG’s 2017 cyber claims statistics reveal business’s key vulnerabilities, and indicate areas of focus for risk committees and business continuity providers.
The recent release of AIG’s cyber claims statistics for 2017 reveals the trends that businesses should be watching into the future. AIG’s statistics show that cyber threats are escalating: claims notifications for 2017 equalled the total claims for the previous four years. On average, in 2017, AIG’s cyber claims staff was handling the equivalent of one claim per working day.
“Our statistics confirm that business’s increasing reliance on digital platforms has created a large group of vulnerabilities that must be addressed. This is not news to business, but it is good to have it confirmed—and perhaps the extent of the growth in successful attacks (and thus claims) may surprise many,” says Roxanne Griffiths, Financial Lines Underwriting Manager, AIG South Africa. “The statistics also make it clear that ransomware remains the top cause of loss in cyber claims. This was probably expected, but it’s less well understood that business interruption is the key impact of a ransomware attack.”
Another important trend is that the incidence of cyber claims is spreading more broadly across a range of industry sectors. In the past, financial services companies were the major source of cyber claims, but their percentage of claims dropped from 23 percent in 2013-16 to 18 percent in 2017, with professional services growing strongly. The retail/wholesale sector made up 12 percent of cyber claims, with business services and manufacturing both at 10 percent.
The growth in the percentage of claims from professional services firms, up from 6 percent in 2013-16 to 18 percent, indicates that they are becoming more of a target. Lawyers and accountants, in particular, hold large databases of sensitive client information that are attractive to hackers. AIG predicts that the European Union’s General Data Protection Regulation (GDPR), which recently came into effect, will make firms more vulnerable to extortion, and the same trend could emerge in South Africa when the Protection of Personal Information Act (PoPI) comes into force.
Another worrying trend is that the professionalism associated with ransomware attacks is diminishing, along with the certainty that those who pay the ransom will get their data back.
“Ransomware is becoming commoditised and automated. In line with this, attacks seem to be becoming indiscriminate—so even if you don’t think you have any valuable data or are too small, you can still be targeted and suffer business interruption,” says Roxanne.
AIG expects claims trends over the next 12 months to continue to be affected by the commoditisation of ransomware and by more data breaches coming to light under the influence of GDPR. Given the ongoing global political uncertainty, actions by various state or quasi-state actors could also drive cyber-attacks and thus claims.
Based on its analysis of these claims statistics, AIG has identified the top cybersecurity risks for companies in the Europe, Middle East and Africa region:
- Internet-facing servers with remote access protected only by weak passwords. These offer an easy entry point for the introduction of malware and ransomware. Remote access should be carefully controlled and limited to those who need it.
- Lack of user awareness, which permits hacking by phishing for passwords. The user engages with the content of a phishing email and is directed to a fake log-in page where credentials are harvested, opening the victim’s account to hackers. Any request for log-in details is a red flag for phishing.
- Weak log-in protocols. The risk from phishing is eliminated if two-factor authentication is enabled, requiring a secondary code at log-in. Note that a one-time code can still be relayed by a live phishing page, so phishing-resistant methods such as hardware security keys offer stronger protection. As a minimum, two-factor authentication should be adopted for business directors and partners, and for employees involved in payments.
- Failure to install DDoS (distributed denial-of-service) defences. Denial-of-service attacks attempt to make a company’s servers unreachable by flooding the site with online traffic. The flood can cause the website to shut down completely, and this type of attack is an increasing threat, especially as poorly protected Internet of Things devices are easily harnessed by hackers into botnet armies capable of pushing out huge volumes of data.
For the detailed report please follow the link below: