Trends to Watch: Ongoing Cyber Threats Will Drive an Increase in Cyber Security Investments
The cyber risk environment continues to evolve rapidly. Examples include:
- The COVID-19 pandemic caused an increase in cyber attacks as companies navigated the unprecedented nature of the situation and tried to rapidly educate employees about the cyber threats related to remote working.
- The geopolitical events and conflicts experienced around the world in 2022 suggest an increased willingness of nation-states to use cyber attacks to further their global agendas.
- The issue of cyber interference in elections surfaced in 2021-22 and remains a concern.
- There has been a significant increase in hardware and software vulnerabilities over the last few years, which cyber criminals have used to quickly gain unauthorized access to networks. Data brokers and ransomware actors are also looking to opportunistically “buy” data and access from employees within companies, which has led to the emergence of a new “insider threat” risk where cyber criminals openly look for employees willing to sell a company’s data for personal gain. This evolving risk may include data theft, proprietary information theft, intellectual property theft, and concerns about trade secrets. While certain acts of cyber crime have decreased in 2022, the data access brokers have never stopped gaining unauthorized access to client networks and infrastructure, and vulnerability exploitation was one of the main methods utilized by these brokers. For example, in a recent case, a threat actor gained initial access and the company only noticed after 90 days. The threat actors used that initial access to then steal information and impact the network with ransomware. If this becomes a trend, we can expect to see an acceleration in cyber crime in 2023.
- The global financial sector experienced a significant rise in cyber-attacks, driven mainly by theft and geopolitics, in 2022. Attacks on Ukrainian banks PrivatBank and Oschadbank; outages in New Zealand, for Australia and New Zealand Banking Group' attacks on Liquid, a Japanese cryptocurrency exchange, and on SWIFT, the global financial electronic payment messaging system, are some notable examples. The sector will remain prone to cyber-attacks due to, among other factors, the increase in use of digital channels to compete with fintech companies and a growth in digital currencies.
The prominence of long-term hybrid working, rise in ransomware, and widespread data breaches will serve to drive a material increase in cyber security investment as cyber priorities make it to the top of the agenda for most companies around the globe. While we are likely to see leaps in innovation aiming to tackle the ever-evolving cyber security landscape, a global shortage of cyber security skills is projected to continue in the next three years as cyber criminals employ new tools and techniques to bypass even the most robust security measures.
Insurance will continue to play an important role in managing cyber risk, and there has been a marked shift in the Cyber insurance market, which has become more buyer friendly compared to earlier in the year. Businesses with mature, best-in-class cyber risk profiles – especially those which experienced significant price increases in recent years – have options in the market as the pricing environment decelerates materially and more capacity becomes available. Underwriting scrutiny remains elevated and proactive risk assessments will continue to be key in engaging constructively with insurers.
Aon can help. Aon Cyber Solutions collaborates with organizations at every stage of their risk journey to make better decisions and manage the total cost of risk for sustainable cyber resilience. Our technical experience, holistic offerings, and access to coverage help clients assess, mitigate, and transfer cyber risks and recover from incidents.
The Impact of Cyber Threats on Claims Trends
Cyber claims, and the techniques, processes and protocols deployed to respond to, and adjust, such matters are now established – but are not yet perfected.
As the above commentary makes clear, there will be ongoing increased volume of cyber claims and it is important for all industry participants to move more quickly to claim response and resolution models which reflect the level of claim complexity. Analogous to some other lines of coverage, we expect insurers and others to move to a fast-track approach for lower cost claims, allowing technical resources and appropriate time to be dedicated to more complex situations. We anticipate more engagement of a claim advocacy process and less immediate involvement of external counsel representing insureds and insurers as the legal costs associated with cyber claims continue to mount.
Aon’s perspective is that the segmentation of claims approach as referenced above, and a reduction in dependence on lawyers other than in situations in which such skill sets are truly required, will be helpful and appropriate, and bring sustainability and scalability to the cyber claims response arena.