The evolving nature of cyber risks and changing landscape since the start of the pandemic; and what that all means


With millions working from home in what was an almost instantaneous move to remote working in March, the cyber landscape changed overnight, while many were focused on other priorities.

This sudden, unforeseen and drastic change combined with multiple distractions presented a huge challenge for many organisations; and a prime opportunity for the cyber criminals.

In addition to the weakened ‘offnet’ infrastructure, home wi-fi and personal device vulnerability, employees working remotely are more prone to human error. Many people are already feeling vulnerable, have no colleagues around them to sense-check an email, or may be juggling care commitments and general distractions not faced in an office. This shift in behaviours is pivotal, given that around three quarters of cyber claims are caused by human error.

Like most common criminals, cyber criminals are opportunists and quickly exploited the situation, launching phishing attacks that preyed on employees’ fears and vulnerabilities, including emails offering Covid-19 related tax relief, hand sanitiser and face masks, together with warnings about breaking new lockdown rules.

As Graeme Newman, Chief Innovation Officer at CFC Underwriting has said for some time, “businesses in the cyber world are not targeted because they’re valuable, they’re targeted because they’re vulnerable. And that is what a lot of smaller businesses miss.” He has been proven right again.

Ransomware is a primary concern, and has become much more common and far more sophisticated. What used to be a scattergun approach focussed on encrypting systems and preventing access is now more targeted, and attackers are likely to also steal personal data held by the company. With the threat to publish it if the ransom isn’t paid, this presents reputational risk, as well as a potential data protection fine and notification costs.

Another notable change is the ransom demands; not only has the amount substantially increased, but with the hackers often having accessed company accounts, they are also ‘realistic’ in the sense that the hackers know the company has the funds to pay and often make this known. As recently as three years ago the value of a typical extortion demand would average the low thousands, but demands are now routinely high six-figure or million-pound.

Another emerging trend this year has been cyber-attacks on managed service providers (MSPs), meaning there are huge vulnerabilities for businesses who outsource hosting or services to third parties: when those providers are attacked, the businesses become the victims caught in the crosshairs. Blackbaud was a perfect example of that in action in May: a socially good hosting platform for charities, hospices and educational institutions globally, but the UK was disproportionately hit.

As always, prevention (or at least strong mitigation) is better than cure and is now crucial. Big data and the capability to scan customers, and scale within the market, are becoming essential from an underwriting and performance perspective. It will not be sustainable for insurers to fund the losses being seen with a limited pool. Some markets that had dipped their toe are pulling out of cyber as the losses build against low prices.

Risk management and claims infrastructure and response are key parts of the proposition; risk assessments, bulletins, best practice guidance and training are invaluable to ensure cyber-security really forms part of an organisation’s culture. Education is key.

Many believe the pandemic is a blessing and a curse for the cyber risks faced, with organisations going through short-term pain as they adapt to future working. It will lead to greater adoption of cyber-security and is also changing perspectives on insurance spend.

It’s estimated that over 90% of the world’s insurance spend is spent on protecting tangible assets, despite the technology revolution. But in that timeframe, the value of the world’s intangible assets has grown to far outstrip the value of the world’s tangible assets.

But perceptions are changing and are starting to align more closely with the fact that we are so reliant on data and systems. The pandemic has shown that for many, if we cannot access systems, we simply cannot work, whereas physical buildings and premises for some organisations have become slightly redundant or at least less critically relied upon.

Given the substantial changes impacting the market - the increase in the average value of a claim considering the premium was fixed months previously for a risk and potential quantum that looks completely different today - the cyber market is definitely hardening.

It’s a simple case of supply and demand and time will tell in terms of the increases we see.

We will likely look back at this as a sea-change moment.

Richard Barnes

Senior Business Development Executive at Towergate Insurance

4y

The size and frequency of Cyber attacks on UK businesses of all descriptions is truly frightening. Especially for those organisations who do not see themselves as an ‘online’ business such as social care providers. It is vital that the evolving risks are understood as the impact of an attack will be huge. Cyber criminals have extorted significant amounts from my clients and on each occasion their bank has been unable to trace which overseas account the funds ended up in. The quality Cyber insurance policy which was in place ensured that they were not left out of pocket. I would be pleased to discuss how Towergate Insurance Brokers’ partnership with CFC Underwriting, Ltd. can help you protect your organisation from this most modern of crimes.
