CyberTech

Cyber risks: it’s time to focus on defence

By Business & Finance
21 January 2022

Richard Hanlon, EMEA Chief Commercial Officer, Cyber Solutions, Aon, outlines the importance of implementing defences against cyber attack. 

Pictured: Richard Hanlon, EMEA Chief Commercial Officer, Cyber Solutions, Aon

When insuring property against fire risk, evidence of installed fire detection systems and testing preparedness through fire drills are part of minimum requirements. Cyber risk is much more dynamic, difficult to contain and potentially more damaging to a business, yet too often we do not see sufficient attention towards real demonstration of ability to withstand an attack, especially with smaller businesses – many of whom are now in the ‘sweet spot’ for opportunistic threat actors. 

As a result, fewer and fewer organisations may be unable to secure or renew cyber insurance policies. In addition, Insurers may demand a higher baseline in ransomware protection that includes proactive and reactive measures, as well as business continuity management and incident-response plans. If those conditions are not met, insurers may be more likely to decline coverage. This is evident according to Aon’s underwriting survey data of 2021, which shows ransomware now accounts for the majority of insurer losses (more than 58 percent), with loss ratios increasing between 5 and 25 percent for all large cyber underwriters.

The sheer number of cyber attacks on organisations broke all records in 2020.

Defence is difficult. Ransomware attackers are constantly evolving their tactics and techniques, developing new strains of malware and finding more ways to gain undetected credential access. In fact, hackers and criminals exploited the pandemic to target every business sector. The sheer number of cyber attacks on organisations broke all records in 2020. For example, ransomware attacks grew dramatically — up 400 percent from the first quarter of 2018 to the fourth quarter of 2020. Yet Aon’s research shows that only 31 percent of organisations have adequate business resilience measures in place to deal with ransomware threats.

Alarming statistics related to the frequency and severity of cyber attacks and dire warnings by business and political leaders have heightened awareness of this risk. In Aon’s 2021 Global Risk Management Survey, participants around the globe rated the risk of cyber attacks/data breach as the number one threat facing organisations today, compared to number 6 in our 2019 survey. 

The winners are those that focus, not solely on response and recovery, but on identifying and protecting against risks and when under attack, successfully defending against them. 

This lack of resilience means we are seeing a clear emergence of winners and losers when it comes to dealing with cyber threat. The winners are those that focus, not solely on response and recovery, but on identifying and protecting against risks and when under attack, successfully defending against them.  Those that lose have not prepared for the expected by carrying out ransomware attack simulations to understand how vulnerable they are, therefore, developing confidence in their ability to detect an infection before the malware becomes widespread and the encryption of data takes place.

When assessing cyber risk, and particularly ransomware threat, it’s a fallacy to assume attackers focus on zero-day vulnerabilities and only access the network at the time their attack is launched. Attackers are likely to have accessed the network much earlier using that time to carry out reconnaissance, install persistent back door entry by disabling firewall rules and activating remote server access that bypasses normal authentication or encryption.

To defend against this threat and meet the demands of insurers, organisations must continuously increase their resilience against attacks that are sophisticated, frequent, severe and costly. For example, Aon’s new Ransomware Defence Bundle and Recommended Practices Guide has been developed to help organisations prevent and mitigate the impact of ransomware in a challenging cyber insurance market by bringing together the essential components of a ransomware defence strategy, including training and awareness of users and testing of existing protective capabilities. If businesses are to access the cover they need, at prices they deem affordable, it is crucial that cyber attack simulations are regularly carried out to test the current preparedness of business users and to ensure existing security investments are fit-for-purpose and capable of providing suitable feedback and alerts in a ransomware scenario. 

This material was prepared for information purposes only. Professional advice should always be sought regarding specific risk issues and solutions.