Cyber risk consistently ranks as one of the top global business risks in the Allianz Risk Barometer. In 2021, cyber slipped from the top spot to third place, beaten only by pandemic risk and business interruption. More than half of respondents (56%) to the global survey listed data breach as the cyber exposure that concerns them the most, followed by remote working and ransomware attacks – but these days, all three risks are very closely linked.
“There’s been a significant evolution in the sophistication of cyberattacks … including the tools that are available to the attackers,” said Thomas Kang, head of cyber, North America, Allianz Global Corporate & Specialty (AGCS). “Ransomware, which involves attackers getting access to your systems and encrypting your data, has been on the rise and continues to be a significant concern for us and for our customers.
“Ransomware events can involve a ransom demand as the name implies. It can involve unavailability of systems because your most important data has been encrypted, and it can also involve data breaches, because attackers have taken your sensitive data prior to encryption. Business interruption resulting from ransomware continues to increase and has been the primary driver for the cause in some of these events.”
In recent years, ransom demands against large companies have skyrocketed. Today, it is not unusual to see seven- or eight-figure demands against large companies. If they’re not prepared to restore from backups, or have not properly protected their assets, the actual payment of ransoms can be very significant.
“Ransomware claims are certainly getting more expensive,” said Neal Jardine, senior general adjuster & cyber practice leader at Crawford & Company Canada. “One reason why ransomware has become more expensive is that hackers are stealing the data. In the past, they would encrypt the data and demand the ransom […] but every other company would have appropriate back-ups and they wouldn’t have to pay the ransom. Although it’s still a ransomware attack, that kept the costs down.
“Now, hackers have started doing more data exfiltration, so companies are paying for extortion and a ransom claim all on the same boat. In some cases, hackers will say: ‘If you want your data back, pay $100,000, and if you want us not to post it on the internet, pay another $100,000.’ It's almost a two-pronged attack that companies are dealing with, as opposed to before when they only really had to deal with the ransom and the advice was always to ensure they had good back-ups without any gaps.”
2020 saw a rise in ransomware attacks at a time when the global business community was at its most vulnerable. With the COVID-19 pandemic driving greater digitalization and remote working, IT vulnerabilities have intensified tenfold.
“Generally, more companies are aware of their vulnerabilities to cyberattacks and the potential impact that cyberattacks can have on their ability to operate,” said Kang. “More recently, because of the push toward greater connectivity and the work from home environment driven by COVID, we've seen a significant increase in the number of reported claims.”
Some of the factors contributing to more data breaches and ransomware events include distracted employees, increased remote access in the work-from-home environment, and budget constraints.
“Everyone is working from home, where there are naturally more distractions from kids or other family members, and when you couple that with phishing attacks that are COVID themed, there are more clicks on malicious links and more breaches,” Kang explained. “Second, companies are also in a difficult position and have more remote access points. We’ve seen less security around employee access points for corporate networks, and bad actors have been able to take advantage of some of those vulnerabilities.
“In terms of budget constraints, we all have clients that have been heavily impacted by the pandemic, for example, in the retail, hospitality, travel, and transportation sectors. They’ve all been significantly impacted, and it becomes more important that companies understand the risks and allocate their IT security budgets appropriately to get the most impact for their investment.”
The COVID-19 pandemic has been a “massive learning curve” for many companies on remote access protocol, according to Jardine. In March 2020, after the World Health Organization officially declared COVID-19 a global pandemic, businesses across Canada had to scramble to set their employees up for remote working. This was a novelty for both employees and IT professionals, and not everybody got it right. Some companies suffered breaches after exposing systems to the internet without appropriate security measures like strong passwords and multi-factor authentication.
“All of a sudden, companies went from having an internal network of 1,000 employees to having an external network of 1,000 employees, which they don’t have as much control over,” said Jardine. “There was a big learning curve for a lot of companies who had to upgrade their security and shift employees to a remote working environment where they would be secure. Hackers took advantage of that by targeting their emails and their phishing campaigns around that idea.”