ANNUAL REVIEW

Cyber Security & Risk Management 2015

July 2015  |  RISK MANAGEMENT

financierworldwide.com


Click cover to download

(Subscriber-only password access)

 

Not a subscriber?

Click here to join the FREE mailing list and receive password access


Cyber risk management is one of the most important and often discussed issues in the modern business landscape. Today, the number of successful cyber attacks launched annually is on the rise. Though some industries are more susceptible than others, cyber security affects companies across a wide gamut of sectors. From multinational entertainment companies like Sony, to large national retailers like Target, to local ‘mom and pop’ stores, and even government agencies, nobody is safe.

 

UNITED STATES

Mary Guzman

McGriff, Seibels & Williams, Inc.

“Certain industries, such as retail, due to the inherent vulnerabilities in current card processing and Point of Sale (POS) systems, and healthcare, are perhaps bigger targets than others, but none are immune. A lesser known, but more worrisome risk, lies within the vulnerabilities of ‘embedded’ firmware, such as Industrial Control Systems like SCADA, switching devices, cameras, conferencing phones, and temperature control, and other command and control related devices not typically accessed through a keyboard or end-user device. Additionally, hackers are penetrating medical devices to bypass hospital security measures because typical scanning and detection systems cannot find harmful activity within these closed systems. The ‘Internet of Things’ facilitates hacking technologies that can cause physical damage or bodily injury, which has become more prevalent and, at the same time, difficult to defend against. Theft of intellectual property costs companies billions of dollars a year but doesn’t garner the same headlines as privacy breaches, as these breaches do not directly impact the individual.”

 

UNITED KINGDOM

Jamie Bouloux

CFC Underwriting, Ltd

“The reality is that cyber threats have not changed over the past few years. Companies continue to be vulnerable to data asset theft, network and system failure, and ever increasingly the reliability of their IT supply chain. Considering these vectors for exploitation, any given company could suffer a cyber event, whether malicious or accidental. Unfortunately, the challenge is that the perpetrators of cyber crime have grown exponentially, as unlike traditional crime these attacks are faceless, low risk, lucrative, and can be impactful on any given entity. The recent attack against Germany’s Bunderstag reminds us of the potential for weapon grade cyber code, such as 2010’s Stuxnet, and has created cause for concern as nation state infiltration continues to be a threat to both government and industry. New York’s Department of Financial Services has raised concerns around a potential ‘cyber 9/11’ in which it is understood that a hack into Wall Street firms could “spill over into the broader economy”.”

 

SPAIN

Claudia Gómez

Aon Risk Solutions

“We would say malware, cyber espionage, insiders, data breaches and cyber crime continue to be the most harmful threats that companies face today. However, companies are increasingly embracing the ‘Internet of Things’ – technologies which will provide momentum to their businesses and will help them to stay ahead of their competition. Although nobody is completely sure of the implications of the Internet of Things for both privacy and security, there will be issues for sure. Consequently, companies need to think of cyber threats and risk as an evolving matter, otherwise the biggest cyber threat would be unpreparedness. In Spain, there have not been any well publicised, high profile attacks, though the Ministry of Industry indicated that our country is the third most attacked after the US and the UK. It is common knowledge, however, that Spanish banks and Spanish energy companies were counted among the victims targeted by the Carbanak and Dragonfly operations, but the consequences of those attacks remain unknown.”

 

GERMANY

Johannes Behrends

Aon Risk Solutions

“The threats to which today’s companies are vulnerable depend on the industry sector the company in question operates in. However, there is one common threat that a lot of companies are facing: business interruption caused by a hacker attack. In 2014, hackers struck a steel mill in Germany. They did so by manipulating and disrupting control systems to such a degree that a blast furnace could not be properly shut down, resulting in physical damage. The case shows that hackers are not just interested in stealing sensitive data; they are willing to do damage to manufacturing plants. This development is a growing concern. We expect these kinds of attacks to happen more often.”

 

NETHERLANDS

Matthijs Geerts

Aon Risk Solutions

“Cyber threats manifest themselves in various forms. Companies can be confronted with system failure, denial of service (DDos) attacks or the disclosure or loss of confidential and personally identifiable information. The most strategic, and in our opinion damaging effect of a cyber threat, particularly when the issue is not addressed properly, is the danger posed to a company’s reputation, financial position and ability to realise its short and long term objectives. An integrated cyber strategy, supported at boardroom level, is fundamental in protecting all stakeholder interests. Companies are continuously under attack. DDos attacks, as well as accidental or intentional security breaches, have recently paralysed various industries. The so-called Carbanak attackers recently committed the biggest digital bank robbery in history. The threat posed from cyber crime is very real, and no industry is safe.”

 

SCANDINAVIA

Kristoffer Haleen

Willis AB

“It is fair to say that all companies face cyber threats, but the nature of the threats vary greatly depending upon the company’s business and level of maturity. One threat that most companies have in common is that of stolen or leaked intellectual property. In the Nordics, we are also seeing that quite a few of our large manufacturers are finding themselves vulnerable to attackers who are targeting their networks. The purpose behind these attacks can be hard to establish, but it seems that many attackers are increasingly gaining access to operational systems, which may be an indicator of espionage, but also that the attackers are preparing to damage production, which can have very serious consequences.”

 

AUSTRALIA

Emma Osgood

AIG Australia

“One of the biggest problems for companies today is that cyber threats are constantly evolving. For example, with a minor code adjustment hackers can create a new variant of malware that a company’s protection system may not be able to recognise. In fact, a recent study identified 143 million new malware samples from 2014 alone and there are an estimated 12 million new variants every month, placing an inordinate level of pressure on IT security professionals. One particular variety of malware, commonly referred to as ‘crytolocker’, can have devastating effects. Crytolocker is a type of ransomware which is typically spread through malicious attachments or links within emails under the guise of something genuine. Once it corrupts a computer, it begins encrypting files. The perpetrator will only release the decryption key when a ransom payment is made. While anti-virus software and firewalls provide a degree of protection for organisations, they cannot prevent employees opening links in emails in good faith.”

 

SOUTH AFRICA

Kenneth van Sweeden

Auto & General

“South Africa faces the same cyber threats as the rest of the world, challenges such as spoof websites, phishing, illegal access and hacking of cell phones and social media footprints left by users. South Africa was ranked the sixth most active country for cyber crime by the FBI recently – a result which is alarming for a country whose internet penetration is around 14 percent. Several high profile cyber attacks have already occurred in the country, including incidents involving both financial and governmental institutions, as well as political party websites.”

 

ISRAEL

Sharon Shaham

AIG Israel Insurance Company Limited

“In the past, cyber breaches used to be sporadic and less organised, conducted mainly by individuals, usually for personal gain. Today, companies are exposed to cyber breaches by well organised and funded groups. Although some attacks may still be for personal financial gain, today the incentive for many attacks is often either ideological or political, with the major intent of causing financial harm to the attacked entity and jeopardising its business continuity. In Israel, organisations such as Anonymous organise planned ‘attack days’ several times a year, mainly against Israeli targets, thus far with no significant published results. During specific times of activity there seems to be an increase in cyber breach efforts in commercial or public organisations identified with Israel. Beyond such organised attacks, one of the most talked about events was an attempted extortion by an ex-employee of a credit card company owned by one of the major banks in Israel, which was unsuccessful.”


CONTRIBUTORS

AIG Australia

AIG Israel Insurance Company Limited

Aon Risk Solutions

Auto & General

CFC Underwriting, Ltd

McGriff, Seibels & Williams, Inc.

Willis AB


©2001-2016 Financier Worldwide Ltd. All rights reserved.