QBE casts spotlight on what's ahead in cyber

Eye-watering estimate announced

QBE casts spotlight on what's ahead in cyber

Cyber

By Terry Gangcuangco

Major global cyberattacks are set to surge by 105% by the end of 2024, according to a new report from QBE.

Titled “Connected Business: digital dependency fuelling risk,” the report highlights that the number of strategically significant global cyberattacks will more than double this year, with projections indicating 211 disruptive and destructive incidents in 2024, up from just 103 in 2020.

While large-scale incidents like the NotPetya cyberattack are relatively rare compared to the more common data breaches and system compromises, their impact is far from negligible. NotPetya, for instance, caused widespread disruptions across Europe, North America, and Asia-Pacific, while its destructive malware led to approximately US$10 billion in damages.

The release of QBE’s report coincides with discussions in the UK to enhance cybersecurity legislation, following a series of high-profile cyber incidents. The government is considering new laws to bolster defences as part of a broader strategy to address the growing threat landscape.

One particularly significant event, although not a cyberattack, was CrowdStrike’s Falcon Sensor failure in July. The incident cost Fortune 500 companies billions in both damages and loss of share value. Cybercriminals exploited the situation, launching phishing attacks involving CrowdStrike-related scams designed to steal data and extort businesses.

According to risk consultancy firm Control Risks, which developed the report for QBE, many cyber incidents remain underreported, painting an incomplete picture of the true scale of the matter.

Additionally, QBE’s research in the UK found that 69% of medium to large businesses experienced cyber disruptions over the past year. The insurer surveyed more than 300 IT decision-makers, revealing that 78% are worried about future cyber threats, and over half (51%) expect to face a cyber event within the next year.

Despite this awareness, the report revealed concerning gaps in preparedness. A third (36%) of companies admitted they lack an incident response plan, and 43% do not have any cyber insurance coverage. Following the CrowdStrike incident, 57% of businesses said they plan to purchase or expand their cyber insurance policies.

“In some parts of the world, take-up for cyber insurance has been slow, but as more businesses see their competitors making use of it and witness the disruption caused by events, it is spurring them on to look for coverage themselves,” said cyber portfolio manager David Warr (pictured).

“CrowdStrike has contributed to changing perceptions of cyber risk and cyber protection. It has raised awareness of the types of events covered under a cyber policy, with cover provided for both security incidents as well as operational issues.”

He also addressed the dual impact of artificial intelligence on cybersecurity.

Warr noted: “AI is both a hindrance and a help to the cyber landscape. As AI becomes more widely accessible, cybercriminals and cyber activists can launch larger-scale attacks at a faster pace. This increased capability in scale and speed brought on by AI could threaten the cyber domain. However, controlled and managed use of AI can also help detect cyber vulnerabilities.”

Warr emphasised the importance of resilience, urging companies of all sizes to enhance their defences and be prepared to act swiftly in the face of a cyberattack. QBE has also developed tools and risk services aimed at helping businesses reduce their exposure and recover more efficiently.

What do you think about this story? Share your thoughts in the comments below.

 

Related Stories

Keep up with the latest news and events

Join our mailing list, it’s free!