AIG’s 2017 cyber claims statistics reveal business’s key vulnerabilities, and indicate areas of focus for risk committees and business continuity providers, says Roxanne Griffiths, Financial Lines Underwriting Manager, AIG South Africa.
The recent release of AIG’s cyber claims statistics for 2017 reveals the trends that businesses should be watching into the future. AIG’s statistics show cyber threats are escalating: claims notifications for 2017 equalled the total claims for the previous four years. On average, in 2017, AIG’s cyber claims staff was handling the equivalent of one claim per working day.
“Our statistics confirm that business’s increasing reliance on digital platforms has created a large group of vulnerabilities that must be addressed. This is not news to business, but it is good to have it confirmed, and perhaps the extent of the growth in successful attacks (and thus claims) may surprise many,” says Roxanne Griffiths, Financial Lines Underwriting Manager, AIG South Africa. “The statistics also make it clear that ransomware remains the top cause of loss in cyber claims. This was probably expected, but it’s less well understood that business interruption is the key impact of a ransomware attack.”
Another important trend is that the incidence of cyber claims is spreading more broadly across a range of industry sectors. In the past, financial services companies were the major source of cyber claims, but their percentage of claims dropped from 23% in 2013-16 to 18% in 2017, with professional services growing strongly. The retail/wholesale sector made up 12% of cyber claims, with business services and manufacturing both at 10%.
The growth in the percentage of claims from professional services firms, up from 6% in 2013-2016 to 18%, indicates they are becoming more of a target. Lawyers and accountants, in particular, have large databases of sensitive client information that are attractive to hackers. AIG predicts the European Union’s General Data Protection Regulation (GDPR), which recently came into effect, will make firms more vulnerable to extortion, and the same trend could emerge in South Africa when the Protection of Personal Information Act (POPI) comes into force.
Another worrying trend is that the professionalism associated with ransomware attacks is diminishing, along with the certainty that those who pay the ransom will get their data back.
“Ransomware is becoming commoditised and automated. In line with this, attacks seem to be becoming indiscriminate, so even if you don’t think you have any valuable data or are too small, you can still be targeted and suffer business interruption,” says Griffiths.
AIG expects claims trends over the next 12 months to continue to be affected by the commoditisation of ransomware and more data breaches due to the influence of GDPR. Given the ongoing political uncertainty globally, actions by various state or quasi-state actors could also drive cyber attacks and thus claims.
Based on its analysis of these claims statistics, AIG has identified the top cyber security risks for companies in the Europe, Middle East and Africa region:
* External servers with remote access combined with weak passwords. This offers an opportunity for the introduction of malware and ransomware. Remote access should be carefully controlled.
* Lack of user awareness permits hacking by phishing for passwords. The user engages with the content of a phishing e-mail and is directed to a fake login page, where credentials are harvested, opening the victim’s account to hackers. Any request for login details is a red flag for phishing.
* Weak login protocols. The risk from phishing is eliminated if two-factor authentication is enabled, requiring a secondary code for account login. As a minimum, this should be adopted for business directors and partners, and employees involved in payments.
* Failure to install DDoS (distributed denial of service) defences. DoS attacks are an attempt to make a company’s servers unreachable by increasing the online traffic to the site. The flood of traffic can cause the website to shut down completely, and this type of attack is an increasing threat, especially as poorly protected devices on the Internet of Things are easily harnessed by hackers to create botnet armies capable of pushing out huge amounts of data.
For the detailed report, see https://www.aig.co.uk/insights/cyber-ransomeware-disrupts-business.