COVID-19 restrictions across the globe have meant a skyrocketing rate of people working from home, and, according to cyber security company InPhySec, cyber crime and ransomware attacks have also grown in tandem at an alarming rate.
InPhySec’s data showed a 148% increase in remote workers, accompanied by a 161% increase in traffic to high-risk apps. It says that 63% of malware is now also delivered through cloud-based services, rather than through the web.
Cyber support organisation CERT NZ’s research highlighted that 61% of New Zealand’s business owners had “no real knowledge” of how to safeguard the payment data of their customers, and approximately 39% had never heard of the Payment Card Data Security Standard (PCI DSS) - an international security requirement for all websites that accept payment data. According to Delta Insurance managing director Ian Pollard, high-profile cyberattacks, such as the recent attack against the New Zealand Stock Exchange, have certainly seen an increase - however, he says the underlying risks leading to these attacks have been in place for a long time.
“For me, the NZX incident just highlights the risk exposures that are already there within our institutions, our infrastructure and our everyday lives,” Pollard commented.
“Every week we’re hearing of large-scale cyberattacks or ransomware events, and the NZX incident has obviously caught the public imagination as it’s perceived as such a prestigious entity. But that type of activity is going on every week, and almost every day of the year.”
“On the personal side, the current situation is driving demand for personal cyber protection, and we’re likely going to start seeing more claims over the next 6-12 months,” Pollard said.
“On the commercial cyber side, we’ve very much seen an increase in incidents - and that’s in line with our expectations and our policy count growth. We are seeing and hearing of a number of high-profile cyberattacks here in New Zealand, and COVID-19 and working from home is certainly accentuating those risks.”
Pollard says that Delta has been working on cybersecurity improvement and awareness since its inception, and that the risks and exposures have not fundamentally changed. However, he says that that some countries across Europe are seeing a significant ‘hardening’ of the cyber insurance market as a result of COVID-19, and that it is more important than ever for companies to be aware of their cyber risks.
“This is something that we’ve been thinking about over the last four-five years,” Pollard said.
“We’ve been running at a reasonable level of cyber claims for quite a while, so our frequency of cyber claims on the commercial side is not too dissimilar to what it was last year. But what is happening is that there’s a lot of risk awareness being driven by increases in traffic and numbers of high-risk cyber incidents.”
“While there hasn’t yet been an exponential increase in claims, I am hearing that in some parts of Europe and the EU that the cyber insurance market is hardening significantly, and rate increases in some cases are as high as 50%, or even 70%,” he added.
“So, it seems there may be pockets of increased claims activity, and those are markets that have arguably got a much wider spread of cyber insurance.”
CERT NZ director Rob Pope says Kiwi businesses need to be extremely vigilant - especially those that deal with customer payment data on a daily basis, as an attack on an online store could have devastating consequences. He says businesses should familiarise themselves with PCI DSS requirements, and “take the guess work” out of their security standards.
“For these businesses, it’s really important to go back and undertake an audit of all their security measures to ensure they are as protected as they can be,” Pope said.
“Just as business owners lock up their physical shop to keep it safe, they need to take similar precautions with their online store.”
“We believe it’s important to raise awareness about PCI DSS among SMEs, especially given the number of businesses that were driven to move online swiftly during lockdown,” he added.
“In doing this, some vital security measures that protect e-commerce websites may not have been front of mind.
“The current uncertain climate demonstrates just how important an online store is to a business, and how important it is to safeguard it.”