ARTitle_Cyber_JULY18.jpg

ANNUAL REVIEW

Cyber Security & Risk Management 2018

July 2018  |  RISK MANAGEMENT

financierworldwide.com


Click cover to download

(Subscriber-only password access)

 

Not a subscriber?

Click here to join the FREE mailing list and receive password access


Cyber security has become one of the most pressing issues of our time. The rapid rise of new technologies and practices, such as automation, digitalisation, artificial intelligence (AI), Big Data and the Internet of Things, has meant that many companies and industries are navigating new risks. Companies must ensure that they are fully cognisant of both the risks and rewards of utilising technology solutions. This awareness must form part of each organisation’s wider risk management strategy.

 

UNITED STATES

Thomas Fuhrman

Marsh Risk Consulting

“Today’s cyber risks arise from the shared reliance on ubiquitous and vulnerable technologies. In the past several years, cyber attacks have become more sophisticated, more destructive and more common. Some of this sophistication comes from the availability of attack techniques and methods, which reportedly originated from sources, such as nation-state military intelligence and services and advanced cyber crime syndicates. The ‘WannaCry’ ransomware attacks and the destructive ‘NotPetya’ attacks of 2017 are prime examples, and we expect many more. NotPetya, which disabled and effectively destroyed large numbers of servers and desktop computers worldwide, was disastrous for two reasons.”

 

ARGENTINA

Diego Fernández

Marval, O’Farrell & Mairal

“The Argentine cyber security landscape looks much like the rest of the world. Cyber criminals are likely to attack organisations and individuals in Argentina with increasing intensity and frequency. Because Argentina lacks legislation establishing comprehensive cyber security standards, the level of protection used by organisations is inconsistent. Over the past year, Argentina has seen a large number of cyber attacks. Some of these are entirely new or had not been prevalent in the past. For instance, attacks have been carried out which compromise computers in order to use their processing power to mine bitcoins, which are then collected by hackers. Others have targeted physical business assets, leading to losses.”

 

UNITED KINGDOM

Jamie Bouloux

RSG Europe

“2017 was an unprecedented year for cyber events. We witnessed two of the largest systemic attacks to have faced the digital age in ‘WannaCry’ and ‘Petya/NotPetya’. These events showed the speed with which a global attack can manifest and their potential economic cost. WannaCry, the single biggest ransomware event ever, spanned 150 countries and led to an estimated economic loss of $8bn. Petya/NotPetya further demonstrated the issues companies face in managing globalisation and sprawling networks, as many of those affected were the subsidiaries or local operations of larger global conglomerates.”

 

SPAIN

Nelia Argaz

Marsh Risk Consulting

“Today’s cyber risk environment often has complex and cascading consequences for organisations, and the threats companies face are growing and becoming more sophisticated as the pace of new technology development accelerates. Moreover, organisational and personal cyber risks are separated by a very narrow and blurring line, so the potential impacts affect all types of technology users. On the one hand, the tools and services available in the deep web used for committing cyber crime appear to be growing steadily and becoming more commercialised. Online trade in ‘ransomware-as-a-service’ or bulletproof hosting is readily available.”

 

NETHERLANDS

Maurice Kok

Tokio Marine HCC

“By now, most of us have heard about the data breach at Equifax, the business interruption incident at Maersk or about Facebook under scrutiny for its treatment of privacy. The cyber threat landscape can be quite overwhelming and it is not only limited to online activities. Hackers often perform physical reconnaissance on site to detect an easy way in. After all, why bother trying to hack an expensive security system if you can just walk into the server room? Social engineering is another popular technique which is employed by attackers to appear trustworthy to employees. Device hacking has become common too, as more devices form part of the Internet of Things.”

 

GERMANY

Gülsah Dagdelen

Tokio Marine HCC

“Cyber risk is one of the main concerns for companies around the globe. Due to the interdependent and correlated nature of cyber risks, not only from risk to risk but even from company to company, insurance solutions need to go beyond the traditional. Automation, digitalisation, the Internet of Things (IoT), artificial intelligence (AI) and Big Data are daily boardroom discussion topics. They not only present opportunities but also significant risks to companies of all sizes. This strongly points to IT security as a risk management priority. Companies should ensure that they are prepared for any cyber incident.”

 

MALAYSIA

Deepak Pillai

Christopher & Lee Ong

“The cyber risk environment is rapidly expanding, not only in terms of increasing risk exposure faced by companies and individuals from cyber risks, but also in terms of awareness of the cyber risks among corporate clientele and government authorities. There is also a growing realisation among the latter that there is a clear need for targeted regulation and the imposition of appropriate penalties. While cyber risks appear to be increasing for businesses, levels of accountability lag behind more mature jurisdictions, as evidenced by the very small number of lawsuits being brought against companies in relation to the damage and harm caused by cyber breaches.”

 

TAIWAN

Sean Y. S. Liu

Lee, Tsai & Partners

“The most serious cyber security incidents in the past two years were First Bank’s ATM theft in 2016 and the cyber attack on Far Eastern Bank’s SWIFT system in 2017. Both cases involved the careless management of information systems and insufficient personnel training and supervision. There have been a few instances where companies have endured a cyber attack despite solid management of information systems. Most cyber breaches involve human error. While the business environment is becoming increasingly internet oriented, many companies’ internal control systems have been unable to keep pace. This has been the most significant risk in today’s environment.”

 

JAPAN

Mitsuhiko Maruyama

Deloitte Tohmatsu Risk Services

“We are seeing an increasing number of cyber attacks perpetrated by organised criminals and nation-state actors. The use of IT among attackers is evolving, as we have seen in the use of cryptocurrencies as a means of earning money, for example. Internet of Things (IoT) devices and factory systems are being targeted by attackers. IoT devices are also being used as an attack vector. Furthermore, attacks seem to be becoming larger in scale. New monetisation techniques, like cryptocurrency mining malware are also emerging, and the traditional cyber attack framework may not be able to detect them.”

 

AUSTRALIA

Paul Kallenbach

MinterEllison

“There has been a rise in cyber risk mitigation activity in the six to 12 months leading up to Australia’s new mandatory notifiable data breaches regime. The subsequent implementation of the EU’s General Data Protection Regulation (GDPR) has contributed to this activity, which continues to increase. The main trend that has emerged in recent months is the rise of sophisticated social engineering or ‘human hacking’ incidents, with senior financial employees targeted in criminal attempts to intercept payments.”

 

BAHRAIN

Steven Brown

Al Ruwayeh & Partners (ASAR)

“In Bahrain, cyber risk is constantly being affected by the rise in the use of technology and the recent introduction of electronic wallets in Bahrain. Bahrain has taken a strong stance on protection of online payment systems, noting that this has been led substantially by the private sector. Use of one-time password (OTP), randomised e-pin input pop-ups and other online tools to protect against cyber criminals’ use of Bahrain issued cards has expanded through the last 12 months. In particular, Bahrain has introduced a regulatory sandbox for the introduction and promulgation of electronic payment systems by the Central Bank of Bahrain.”


CONTRIBUTORS

Al Ruwayeh & Partners (ASAR)

Christopher & Lee Ong

Deloitte Tohmatsu Risk Services

Lee, Tsai & Partners

Marsh Risk Consulting

Marval, O’Farrell & Mairal

MinterEllison

RSG Europe

Tokio Marine HCC


©2001-2018 Financier Worldwide Ltd. All rights reserved.