Click cover to download

(Subscriber-only password access)

Not a subscriber?

Click here to join the FREE mailing list and receive password access

The cyber risk environment continues to evolve. Companies are facing new and emerging threats from malicious actors, whose methods are becoming more sophisticated. Cyber criminals are finding more effective ways to detect vulnerabilities in target organisations. Meanwhile, regulators, investors, customers and other stakeholders are demanding more of companies’ approach to cyber security and risk management. As such, the consequences of a breach can be catastrophic. It is therefore imperative that companies improve their ability to uncover deficiencies in their systems and improve their security processes. By conducting cyber risk assessments, companies can identify their key data and consider how to protect it.

UNITED STATES

Hogan Lovells US LLP

“The risk environment continues to evolve. There is greater emphasis from regulators and influential authorities on cyber security risk in terms of overall enterprise risk and governance. Notable examples of this are the recently published National Institute of Standards and Technology’s (NIST’s) Cybersecurity Framework (CSF) 2.0 and the Securities and Exchange Commission’s (SEC’s) Cybersecurity Disclosure Rule. For NIST CSF, the most significant updates enhance guidance for cyber security governance and third-party risk management.”

CANADA

McCarthy Tetrault

“The current cyber risk environment is dynamic and increasingly sophisticated. Over the past 12 to 18 months, we have seen a significant rise in ransomware attacks targeting critical infrastructure, healthcare and public sectors. These attacks have grown not only in frequency but also in complexity, with threat actors using more advanced techniques such as double extortion schemes, where data is both encrypted and exfiltrated, and victims are threatened with public release of their data unless the ransom is paid.”

BRAZIL

Tauil & Chequer Advogados

“In 2023, the global average cost of data breaches was around $4.5m, a 15 percent increase over the last three years. According to the World Economic Forum (WEF), cyber security will be the fourth most severe risk companies face over the next two years. The cyber risk environment is constantly evolving, and malicious actors are increasingly targeting critical infrastructure in addition to strategic and confidential information. Cyber criminals are also increasingly turning to social engineering techniques to extort employees and executives alike.”

FRANCE

Gibson, Dunn & Crutcher LLP

“Today’s cyber risk environment presents diverse threats challenging organisations worldwide. Over the past 12-18 months, notable cyber security risks have increased significantly compared to 2022, including ransomware, malware and social engineering tactics like phishing. Cyber criminals are increasingly targeting valuable data through breaches, while sophisticated denial of service attacks disrupt access to critical services. Furthermore, attacks on internet infrastructure by government-backed organisations have escalated.”

GERMANY

Norton Rose Fulbright

“Threat intelligence and available statistics suggest that the volume of cyber security incidents has notably increased over the past 12-18 months. This surge in malicious activities stems from advancements in technology and the interconnectedness of digital systems, in addition to the rapid increase in sophistication of threat actors. Ransomware attacks continue to be a prominent threat, targeting critical infrastructure, healthcare facilities and supply chain networks. These attacks not only pose substantial financial risks but also disrupt business operations.”

SPAIN

Aon Spain

“Cyber risk today can be summarised as a constant and evolving threat to individuals, organisations and governments. Attacks are becoming more sophisticated, resulting in data theft, service interruption, financial loss and reputational damage. The expansion of connected devices and dependence on technology increases the exposure to cyber risk, requiring proactive security measures and increased awareness of cyber threats. Over the past year, several significant cyber risks have emerged, including ransomware attacks targeting large businesses, government organisations and critical service providers.”

ITALY

Hogan Lovells

“In Italy, we have seen a significant increase in malicious cyber attacks over the last 18 months. Ransomware and phishing attacks are growing at a worrying rate and are increasingly targeting small and medium-sized enterprises, whose cyber security budgets and planning are often insufficient to manage risks and respond quickly.”

SINGAPORE

Norton Rose Fulbright (Asia) LLP

“Organisations continue to face the scourge of ransomware attacks, which has been described by Singapore’s Cyber Security Agency as “a near universal cyber threat” impacting almost every industry and government. According to Chainalysis, 2023 represented a major comeback for ransomware, with record-breaking ransom payments being made. In the past 12 to 18 months, cyber security supply chain risks have emerged as a critical risk area for companies. Supply chain vulnerabilities allow cyber threat actors to leverage an attack against a single supplier to compromise a host of companies downstream,”

SOUTH AFRICA

Deloitte

“An emerging risk that has grasped the imagination and headlines of late is that of generative artificial intelligence (GenAI). A recent Deloitte study found that 62 percent of business and technology leaders expressed excitement as the top sentiment around GenAI, while many others were overwhelmed, anxious and in some cases, even angry about GenAI developments. As with any new, disruptive technology, fear of the unknown, coupled with massive hype, can lead to unpredictable consequences.”

CONTRIBUTORS

Aon Spain

Deloitte

Gibson, Dunn & Crutcher LLP

Hogan Lovells

Hogan Lovells US LLP

McCarthy Tetrault

Norton Rose Fulbright

Norton Rose Fulbright (Asia) LLP

Tauil & Chequer Advogados