Cybercrime is on the rise in these times of unprecedented change and disruption. New technological innovations and geopolitical events are just two of the major catalysts for change in the risk landscape. In times of volatility, businesses are often faced with increased risk exposure, with opportunistic cybercriminals ready to exploit vulnerabilities and take advantage of loopholes. For insurers and their clients, now is the time for constant vigilance and proactiveness in mitigating these risks.
Artificial intelligence-induced vulnerabilities
This is according to Nikita Naicker, PI Tech & Cyber Underwriter at SHA Risk Specialists. Touching on some of the biggest trends in the cyber risk arena, she says that “one would be remiss to acknowledge that despite the many opportunities and efficiencies that artificial intelligence (AI) has introduced to the world of business, its emergence also represents a substantial risk.
Cybercriminals can use AI to better disguise their attacks and manipulate their victims into falling prey to social engineering attacks. Also, more and more corporates are becoming reliant on AI to streamline their operations. However, with the technology being relatively new, the risks are yet to be fully understood, which makes businesses more susceptible to cyber-attacks. As a specialist risk insurer, we anticipate that AI will have a medium to high impact on the risk landscape in the near future.
With the emergence of AI, which can enable criminals to generate and modify content to look legitimate, the threat of fake news and misinformation has also become more pronounced. Likewise, the increasing use of data, video, voice, and biometric technology also represents a growing threat of data leaks and theft. Companies now have an even greater responsibility to protect themselves from the financial and reputational risks related to misinformation and data breaches.
A turbulent geopolitical climate
Further afield, geopolitics also poses a substantial risk to businesses on both the global and local fronts. More than sixty countries this year will be holding presidential elections. This creates an opportunity for cyber syndicates with vertical connections and monetary incentives to support threat actors in their planned cyber incidents by stealing confidential information to execute cyber sabotage.
In addition, ongoing tensions throughout Europe and the Middle East are likely to intensify the risk impact on businesses. The economic status and accessibility to resources within nation-states such as Russia, North Korea, and Iran have global influence. Any developments in these key countries will have a ripple effect on the rest of the world, particularly the developing world.
For South African businesses, these events should signal an all-important call to action to tighten cybersecurity measures and invest in adequate insurance cover as a much-needed failsafe.
Trends in cybercrime
Some of the most noticeable developments in cybercrime include an increase in ransomware threats. “Over the past year, threat actors have evolved with diversified extortion methods, thus increasing the number of attacks significantly,” says Naicker.
Furthermore, business email compromise has become increasingly concerning within the corporate landscape. Threat actors have been highly successful in gaining access to corporate networks through sophisticated social engineering methods, the use of AI, and honest human error. Unfortunately, identifying fraudulent interactions baited by these threat actors is extremely difficult.
Experts regard big corporations with operations with interconnected functionality and networks as high-risk. Within these environments, cyber-attacks can take the form of threat actors gaining access through the vulnerabilities of service providers or vendors networks which are connected to a client’s network. Once the threat actor has gained access to the corporate network, exposure to loss is imminent.
The second type of supply chain attack can occur in organisations that have not segregated their networks between various divisions. Should a cybercrime threat actor gain access to a division wherein the vulnerability lies, they will be able to gain access to the rest of the organisation’s network through said exposure point.
The responses of a resilient insurance industry
Despite an increase in claims experiences globally, the local specialist market remains stable and competitive due to an increase in the supply of capacity. “In the near—to long-term, this will likely result in insurance products being expanded, leading to the removal of ransomware submission, for example. An increase in business email compromise incidents has also seen an uptake in cybercrime extensions within the policy,” says Naicker.
One positive trend from an underwriting and risk management perspective is seeing clients adapt to AI technology as a defense mechanism against cyber threats. In the long run, this can improve a client’s risk profile and, ultimately, the sustainability of the cyber insurance market.
As Naicker concludes: “We are continuously embracing technology to enhance data analysis, risk assessment and to automate our underwriting processes. As insurers, we also have access to experts within the field. Our aim is to raise awareness around the cyber risks that exist and the solutions that cyber insurance provides to combat this. Selling cyber insurance is therefore not our sole focus – we understand our important role in sharing knowledge and educating the market about cyber security.”
If you are in any doubt about the resilience of your systems, and the risks that potential vulnerabilities may expose your business to, visit www.sha.co.za.
