An industry expert has revealed the biggest cyber risk trend of the first part of the year as businesses across the region could face threats.
Kym Beazleigh, national underwriting manager for Corporate Institutions for Zurich in Australia, spoke to Insurance Business after the launch of cyber solution DigitalResolve across the region and said that social engineering and whaling is a big trend.
“The biggest trend we have seen in the first six months of this year is the social engineering type fraud,” Beazleigh said.
“There is a bit of terminology going round at the moment in the industry referring to it as whaling. We had phishing and now we have whaling.
“Phishing, obviously just sort of targeting random individuals, but whaling and this social engineering is generally targeted at extorting executives or using executives as part of the extortion attempt.
“Effectively it involves you sitting at your desk potentially working in accounts and you receive an correspondence in your email or a call from someone pertaining to be a senior executive, either a CFO or a CSO, managing director, asking for an emergency transfer of funds because a certain customer has not been paid on time and is very upset and is about to cancel their contract with your business.
“That is certainly an area that we have seen developing and probably the biggest one from that perspective over the first six months of this year.
“Absolutely I think people need to be aware of those trends and again, as always with these things, revisit their risk management framework and make sure they have those controls in place to trigger someone just doing those checks and balances in the event that they receive a communication like that.”
With DigitalResolve now available throughout the Asia Pac market, Beazleigh said that solution offers “a different approach” to cyber cover.
“I think in these incidents, they happen very quickly and a data breach can escalate very quickly,” Beazleigh continued.
“A typical sort of attack would be an email threatening to release confidential information that has been obtained through access to an insured system and therefore time is of the essence. Normally, it contains an extortion threat, please pay us a certain amount of money within a certain time frame, and usually those time frames are quite restrictive so from our perspective having that centralised incident manager to help you set up a plan as to how you deal with the breach and have a single point of contact in that first instance, in those first 24 to 48 hours, we think that is the right way to go.
“That incident manager will then put a clear solution plan in place under DigitalResolve within 48 hours and then that plan may involve the clients or the customers dealing directly with the vendors but in that first instance it is that first port of call to help understand what when wrong and agree an action plan to move it forward.”
Cyber could represent a huge growth area for insurance businesses across the region as Beazleigh noted that as the market matures and grows, the need for cyber coverage becomes paramount.
“One you’ve got the incredible population density across all of Asia, two you’ve got an incredible increase in terms of the number of users of the internet, bear in mind cyber exposure and cyber risk is not assessed purely on the number of internet users but it is always a good barometer to see the interconnectivity of businesses,” Beazleigh said on the growth of cyber throughout the region.
“A lot of Asia businesses are now hubs for various operations around the world and when you are connected to those systems whether they are your own subsidiaries of your external subscribers overseas, that also brings incredible exposure because wherever you are sending that data and wherever you are storing that data offshore, you then become subject to those privacy acts and privacy legislations of particular jurisdictions so it is definitely a market and an area of untapped opportunity.”