Closing the gaps on cyber risks

As the digital landscape expands, so does the risk of cyberattacks for insurance and other industries.

Ransomware attacks are indiscriminate and no company or industry is immune. Collaboration within a company in terms of communication, information and risks can greatly improve an organization’s chance to protect against these events.

Cyber risks are constantly evolving, and while there had been a lull in the frequency of ransomware attacks, that respite has clearly ended. In an interview last month on NPR, Jackie Burns Koven of Chainalysis, a blockchain data platform that provides insights on cyber risks and attacks, said that 2023 is shaping up to be one of the worst years yet in terms of ransomware payments. Koven shared that the company had tracked at least $450 million in ransomware payments through June 2023 and the number is expected to increase.

The costs associated with ransomware attacks center primarily on the ransom payment, remediation of the damage caused by the cyberattack, and the expenses associated with damage to a company’s reputation following the attack.

A 2021 Department of the Treasury report said that American banks had processed approximately $1.2 billion in ransomware payments, and as the digital landscape continues to expand, those risks and ransoms will increase.

In May 2023, Auriemma Roundtables convened a Cyber Risk Management Roundtable comprising insurance underwriters and financial services stakeholders. “CISOs discussed the nuances of detection and effective incident response, emphasizing the delicate balance CISOs must strike in communicating the gravity of cybersecurity threats without causing undue fear internally and among executives,” said Tashi Yangdhar, program manager & business development associate for Auriemma Roundtables. 

The executives discussed some of the factors they are seeing as cyber risks increase, shared insights and practical approaches to addressing cyber risks, and identified six specific priorities that can improve how targeted companies respond to a cyber event.

Recognition. The cybersecurity team within any organization plays a critical role in identifying and assessing company risks. As technology continues to play a greater role in every industry and company, the cybersecurity team should be involved in safeguarding confidential information, protecting the company’s assets and ensuring operational continuity following an event.

Communication. The executives said good communication between departments within an organization is essential to combat the growing cyber threats. Sharing knowledge (i.e., trends, risks) can help reduce vulnerabilities, enhance the company’s overall security posture and help mitigate risks surrounding some incidents.

Coordination. Successful cybersecurity for any organization takes a team approach. Communication and collaboration are important because they allow the cyber team to leverage the knowledge of multiple departments to protect against threats and create a more resilient security position.

Budgetary authority. Having adequate funding for the cybersecurity team allows for the implementation of strong security measures, enables the team to respond to emerging threats, and highlights how seriously the company takes its cybersecurity.

Standardized cybersecurity protocols. Establishing a consistent set of practices across an organization helps to ensure that security measures are consistently implemented and adhered to by all employees. This helps to reduce confusion and streamlines security operations.

Investment in technology. People, processes and technology each play a role in mitigating cyber risks. According to Phylip Jones, head of business development for Auriemma Roundtables, “Investing in technology to safeguard against internal and external cybersecurity threats is crucial for financial institutions. It enables the implementation of advanced threat detection and prevention measures, enhances security monitoring and incident response capabilities, protects customer data, and supports regulatory compliance efforts.”

There is no panacea to prevent cyberattacks, but a smart and systematic approach can help companies mitigate the damage and identify risks before they escalate.
