The warnings couldn’t be clearer: Both the costs and the ways companies can be targets of cyber-attacks are increasing.
A Lloyd’s report produced in association with KPMG, law firm DAC Beachcroft, and Lloyd’s insurers revealed how cyber-attacks are constantly evolving. For instance, professional services firms like lawyers or accountants are now being targeted more as a means to get to their usually big clients.
The report also noted significant financial losses amid a major growth in targeting companies through CEO fraud. It turns out that retail is increasingly being targeted as well by organised cyber-crime.
As for the infamous ransomware and distributed denial-of-service attacks, businesses with healthcare are the likely victims, with media and entertainment also becoming a particular target. Meanwhile, telecommunications and the public sector are highly susceptible to cyber-attacks focused on espionage.
“Insurers are used to helping clients protect themselves against risks that stay relatively constant, year on year. Cyber risk isn’t like that: it morphs and evolves at a rapid pace. To take just one example, we saw ransomware attacks against our clients more than quadruple last year and we expect them to double again in 2017,” said Paul Bantick, senior cyber underwriter at
Beazley.
The report cited four aggravating factors for the damage caused by cyber-attacks:
- higher penalties for breaching cyber-security rules as set out in forthcoming European legislation
- victims being more willing to sue firms that have lost their data
- increased responsibility for cyber security in the supply chain
- greater vulnerability through the increased use of connected devices
As for costs, the full amount involves not only the immediate ones but also what is called the “slow-burn” costs or those associated with the long-term impacts of a cyber-attack. Lloyd’s said examples include the loss of competitive advantage and customer churn. These slow-burn costs can easily inflate final bills when added to immediate costs such as legal fees and extortion payouts.
Related stories:
Latest ‘Petya’ ransomware attack could cost firms 10 times more than WannaCry
Cyber insurance take-up surges by 35%