Risk managers have voted cyber threats as the top danger their organisations face in the 2020 Allianz Risk Barometer. This year’s poll saw 39% of the 2,700 participants choosing cyber-risk as their biggest risk compared to only 6 per cent of those taking part in 2013 when the risk ranked as the 15th most important.
The nature of the threat has changed radically over the past seven years. “Businesses face a growing number of cyber challenges including larger and more expensive data breaches, an increase in ransomware and business email compromise (spoofing) incidents, as well as the prospect of litigation after an event,” the report said. “Political differences between nation states being played out in cyber space brings added risk complexity, while even a successful merger or acquisition (M&A) can result in systems problems.”
Allianz found that data breaches are the main cause of cyber incidents. They are becoming larger and costlier to remedy as organisations collect and use increasing volumes of personal data. A breach of 50 million records costs an average of $390. With tougher compliance rules such as the European Union’s General Data Protection Regulation (GDPR) now in force, fines are likely to increase in volume and size. Attacks on companies that have gone through mergers or acquisitions (M&A) are on the rise.
“Even the best protected companies will be exposed if they acquire a company with existing vulnerabilities and the acquiring firm could be liable for any incidents pre-dating the merger. Considering potential cyber vulnerabilities and exposures needs to become a higher priority for businesses conducting M&A,” the report warned.
Ransomware is predicted to become an even more common cyber-risk, particularly in the state, local government and healthcare sectors, according to Check Point’s 2020 cyber security report.
“Ransomware attacks were launched in 2019 as a lethal mass weapon that can easily shut down large-scale organizations, cities, local governments and healthcare organizations. New Orleans mayor declared a state of emergency in the wake of massive cyberattack,” Lotem Finkelstein, head of threat intelligence at Check Point, said in the report. “This reflects a gradual escalation in what we expect will get even worse in upcoming years. In light of such events, it’s clearly evident that organizations must adopt a strategy of prevention and not merely rely on detection or remediation.”
While email remains the most common form of phishing attack (where the attacker tricks the recipient of an email to click on a compromised link), hackers are increasingly using SMS texting attacks against mobiles or the use of messaging on social media and gaming platforms, said Check Point’s report.
It also predicts that the 2020 Olympic Games, to be held in Japan this year, will be a major target for cyber criminals. “Previous Olympiad organizers faced extensive cyber incidents, with 500 million attacks estimated during the 2016 Rio Games and 250 million during the 2012 London Games. We expect that attackers won’t ‘discriminate’ with the 2020 Olympiad and they’ll invest as much effort, if not more, to disrupt this highly anticipated (and lucrative) event,” it said.