Experts have been warning us for years that a scenario like the coronavirus pandemic was imminent, and yet, in 2020, we found ourselves faced with a new reality that we were still vastly unprepared for in many ways. Within the course of just weeks, our economy, education systems and lifestyles changed dramatically. While things now finally appear to be returning to some sense of normalcy, in our experience with Covid-19, there lies a lesson in the importance of preparing for known threats.
Hauser Insurance Group wants businesses large and small to reflect on how they can best mitigate and manage risks to their data security. The average cost of a data breach is over $1 million, and as a full-service risk management, employee benefits, and insurance solutions partner, Hauser Insurance Group provides support, resources and expertise through a consultative approach to help businesses maximize the value of their insurance coverage at every level. Alongside Hauser Insurance Group, we explore how cyber risk has evolved over the past year and where it will trend toward in the future.
2020 Increases Cyber Risks
In addition to the countless changes that the 2020 coronavirus pandemic brought to light, it also created near-perfect conditions for cybercriminals. As a result, there has been a dramatic increase in cybercrime. Out of necessity, a large number of businesses pivoted to remote work, resulting in a shift in dependency on personal devices and residential networks ,which greatly expanded the number of different points through which an unauthorized user could access or extract data from an environment. What's more, the digitization of operations within businesses to adapt to remote working trends, the need for contactless services and a general increase in virtual consumption has created a large increase in potential targets for criminals to exploit.
In tandem with the coronavirus pandemic exposing the insufficient information technology infrastructures, immature data governance, and inadequate security controls of many businesses, ransomware attacks last year increased in frequency, targeting, and automation. Globally, ransomware attacks rose by 40 percent in the first three quarters of 2020 when compared with the same period in 2019. Payments more than doubled in size since the beginning of the year. According to Hauser Insurance Group via Coeveware, companies based in the United States remained most targeted.
According to Hauser Insurance Group's website, over 60 percent of attacks are directed at small to medium-sized businesses. However, thanks to the increasingly advanced tactics, which have enabled criminals to utilize artificial intelligence with rising frequency, large businesses are now becoming more vulnerable. These innovative technologies may be revolutionizing the world for the better in many ways. Conversely, they have also enabled criminals to not only access companies' core systems, but also infiltrate backup systems. They have also begun to extrapolate data from hacked networks and threatened to release this data as part of an extortion scheme. Further endangering businesses is the explosion of "ransomware as a service", which enables subscribers to utilize already-developed ransomware tools to execute ransomware attacks. Cybercriminals no longer need anything more than a bank account to cause significant harm.
What 2021 and Beyond Holds in Store
2020 was an outlier for a number of reasons, but even as the global pandemic continues to recede and companies reopen their office doors, remote working isn't going away any time soon. Furthermore, the digitization of the world is by no means slowing down, and this continued acceleration creates an expanding attack surface on which cybercriminals will thrive. As Newton's third law of motion states "for every action, there is an equal and opposite reaction". While information technologies, such as 5G networks, will bring about wonderful advancements for society, they will also open an even greater number of entry points for attackers to gain unauthorized access.
Fortunately, just as much of Coronavirus spread was preventable through widespread handwashing and use of masks, the anticipated threats are largely knowable and preventable without expensive or exotic security measures. In most cases, adjusting behaviors and educating employees to bring awareness will be more than effective. Known as "cyber hygiene", companies that adopt simple practices, such as regular patching and password updates, will fare well. Additionally, educating employees who are working from home will reduce susceptibility to phishing and fraud tactics. Hauser Insurance Group has invested in the security tool CyberCube, which delivers data-driven cyber analytics built specifically for the insurance industry to help their clients manage their risks.
When it comes to ransomware, it is difficult to foresee a solution that does not involve a form of authority intervention. It continues to be the most lucrative means of monetizing data breaches. As of now, many businesses still see paying the ransom as lower cost than the economic and reputational ones that would come from ignoring them. In order to prevent the cycle from continuing, government authorities and regulators will most likely be forced to intervene ,either through the payment of ransoms or the use of cryptocurrencies.
Evidence of this is already appearing around the world. In the United Kingdom, Ciaran Martin, the former Head of the National Cyber Security Council, called for a change in law to make ransomware risks a board-level problem, as well as to prevent businesses from paying ransoms. This past October, the United States government issued guidance reiterating its position that cyber insurers who make ransom payments are in violation of the law. However, in looking at the precedence of other kidnap and ransom markets, it would appear that if governments and regulars are successful in making ransoms harder to collect, criminals will simply shift their tactics to garner payment via alternative channels.
While the Coronavirus pandemic of 2020 was catastrophic in many ways, that only makes it more important that we take valuable lessons from it. The world has become increasingly reliant on technology in the past decade, and this past year has only accelerated trends that were already well on their way to becoming the norm. Hauser Insurance Group's website states that an estimated $445 billion has been lost to cybercrime globally, and cyber breaches remain one of the top risk management concerns for all businesses in the United States. Cyber risk must become a part of our common language when it comes to business risk. The sooner a company recognizes that, the better they can prepare and protect themselves for the future.