The cyber risk landscape is likely to increase during 2022, according to an expert from Beazley.
Raf Sanchez, head of cyber services at Beazley, said that a relatively unexpected impact of cyber incidents is the damage to reputation and goodwill an incident can cause.
“Whilst many organisations know to expect short-term technical and operational impacts, we find they are often unprepared for the longer-lasting impact on their reputation,” Sanchez said. “This is because many incidents are notifiable not just to regulators, but often must be disclosed to clients (who have inserved mandatory notification obligations into their contracts. Also, staff may find out about these incidents when they are asked to help remediate them or if they are impacted themselves – for example, if payroll is delayed.”
Sanchez said that Beazley expects an increase in directors and officers claims linked to cyber attacks in 2022, as well as a rise in third-party litigation arising from cyber events.
“Many organisations were forced to change how their core operations were performed due to pandemic lockdown restrictions,” he said. “Often, this meant hurriedly allowing operations to be made accessible remotely for home workers. Unfortunately, this also meant that some organisations did this without sufficient preparation or understanding of the greater risks to which this exposed them, and many inadvertently opened the door to cyber criminals who moved fast to exploit staff, processes and networks that were suddenly exposed.”
With many organisations moving to hybrid work permanently, cyber criminals are continuing to exploit this vulnerability, Sanchez said. That means the need for cyber insurance “has dramatically increased and will continue to do so,” he said.
“I predict that the cyber criminal landscape will continue to develop over the coming year; the tactics currently being implemented are so effective at generating financial rewards that they are only likely to increase in frequency, innovation and efficacy,” Sanchez said. “The specialisation we have seen emerging over the past year, with certain groups of cyber criminals concentrating on specific strategies. Despite the efforts of various stakeholders in the risk management space, from private organisations to insurers, ransomware will continue to be a persistent and evolving threat in the coming year, making a layered defense – including technical and operational measures backed by robust cyber insurance cover – essential.”