Click cover to download

(Subscriber-only password access)

Not a subscriber?

Click here to join the FREE mailing list and receive password access

Irrespective of a company’s size, a successful cyber attack can have significant financial and reputational consequences. Thankfully, organisations are waking up to the realities of a data breach and are attempting to better understand their vulnerabilities and how they can mitigate their risks, and thus are investing additional resources into their cyber defences. Part of this process is arranging cyber insurance coverage and coordinating data breach response plans, which can help companies recover in the event of a breach. It is important to note, however, that such arrangements should complement, not replace, a company’s cyber security provisions.

UNITED STATES

Joseph S. Campbell

Navigant Consulting, Inc.

“Information security breaches have significant consequences for businesses. Major cyber threats include ransomware, spearphishing, business email compromise, malware and insider malfeasance. While no business is immune to cyber threats, often affected industries include public works and infrastructure, energy, healthcare and financial services. In 2015, the US Office of Personnel Management experienced a cyber penetration that impacted over 21 million people and exposed serious counterintelligence vulnerability for the US government. Other noteworthy data breaches affecting hundreds of millions of consumers have hit Marriott Starwood Hotels, where sensitive passport information was compromised, as well as Quora, Google, Anthem and T-Mobile.”

MEXICO

David Gonzalez

Capital Bay Underwriting

“The number of successful cyber attacks has increased exponentially in recent years, especially in the financial services space. Hackers are becoming more sophisticated and are targeting larger sums of money. Mexico seems to have been specifically targeted in recent years by hackers from Asia and Eastern Europe. Furthermore, well-coordinated and sophisticated ‘Trojan’ attacks are more common than ever. These programmes monitor a user’s activity and they have been known to be embedded inside the target institution’s systems for up to a year. Recently, the Mexican central bank’s payment compensation system SPEI was targeted.”

UNITED KINGDOM

Matthieu Rider

Rapid7

“We are seeing a move away from ransomware as the attack du jour, to that of compromising individual’s work email accounts, often due to password reuse. Our recent Industry Cyber Exposure Report found that organisations in every industry have serious issues with patch or version management of internet-facing systems. Keeping these kinds of outdated business-critical software packages connected to the internet can pose a serious risk for organisations of every size. In May, several UK organisations fell foul of attacks targeting the Microsoft SharePoint remote code vulnerability.”

SPAIN

Claudia B. Gómez

Aon Spain

“Companies are embracing digital transformation and the Internet of Things (IoT), but these create an uncertain environment in terms of risks. Therefore, I would say unanticipated risks emerging from digitalisation and IoT are major threats, which challenge companies to be prepared for the unexpected and unknown. Additionally, companies are still vulnerable to highly sophisticated attacks and state-sponsored attacks, which can cause considerable damage and threaten business continuity. Lastly, the rise of cyber attacks against industrial control systems and critical infrastructure is concerning, and will continue to be a trend in future.”

SWITZERLAND

Oliver Delvos

AIG Europe S.A.

“Today, cyber threats follow global patterns and trends. Ransomware is a global concern, as well as targeted cyber attacks. Business interruption and resultant loss of revenue and profit are on the minds of risk managers and entrepreneurs. One example of such an event was seen recently in Norway, at an aluminium production facility. Due to its vast financial services sector, Switzerland is a lucrative target, especially given the significant growth of cryptocurrency exchanges, which have been accompanied by security breaches of the underlying IT infrastructure.”

ITALY

Emanuele Cavallero

Tokio Marine HCC

“Today, cyber attacks are perpetrated from a variety of places, using constantly evolving methods and techniques. Though some threats are more invasive than others, they can be equally devastating for unprepared businesses. Consequently, understanding the state of cyber security is key to successfully protecting a business from advanced cyber attacks. Not having a cyber security plan creates high-risk situations, including the potential compromising of private data, costly recovery expenses or weakened client trust. Italy fell victim to two major cyber attacks during the last two months of 2018.”

POLAND

Paulina Radgowska

Tokio Marine HCC

“According to a recent KPMG survey of 100 Polish companies, cyber criminals are still the biggest threat companies face. Attackers include both individual hackers and organised groups using ransomware and social engineering techniques to steal confidential data and funds. The recent attacks on the biggest financial institutions in Poland were performed using spyware and phishing techniques. However, it is always difficult to obtain detailed information on losses made as companies do not like to publicise the fact that they have been hacked. Data theft by employees is also a concern.”

SERBIA

Ljiljana Urzikic Stankovic

Stankovic & Partners

“The world of cyber threats is changing constantly and rapidly. What may seem a serious threat today may be harmless in a few years. The biggest cyber threats for companies today are targeted attacks on a specific organisation. For example, a big company may receive invisible malware through a partner, such as small service providing companies. It is easier for cyber criminals to attack organisations with weak security measures, which cooperate with bigger companies. There is a common risk when employees open attachments or links of unknown or suspicious origin. Some malicious programmes are created so that they are automatically ‘downloaded’ to a device once the link or attachment is opened.”

JAPAN

Ari Davies

Deloitte Tohmatsu Cyber LLC

“We are well past the age of the amateur lone-wolf hacker, and have entered the age of nation-state and organised crime attackers. On the other hand, we are also entering the era of cloud platforms and cloud security, which is adding an extra layer of complexity for attackers. This has brought an array of new cyber threats, but surprisingly enough the attack vectors still remain the same as in the past few years. So, while the initial attack vectors are still phishing, for example, phishing attacks are maturing, ransomware strategies and tools are evolving and nation-state attacks are becoming more commonplace.”

SOUTH AFRICA

Dr Kamil Reddy

EY

“Across Africa, cyber threats are growing across industries and sectors. The financial services sector, specifically banking, remains a hot target for cyber criminals, with attacks focusing more on the consumer of digital transaction services, rather than direct attacks to penetrate bank defences. These ‘micro attacks’ are perpetrated via the typical phishing, social engineering and man-in-the-browser attacks that have become commonplace, but there is also a growing trend to target high-net worth clients through coordinated attacks from bank staff and external parties, typically on the service provider side.”

CONTRIBUTORS

AIG Europe S.A.

Aon Spain

Capital Bay Underwriting

Deloitte Tohmatsu Cyber LLC

EY

Navigant Consulting, Inc.

Rapid7

Stankovic & Partners

Tokio Marine HCC