The cyber insurance market is booming due to rising cyber attacks. It is among the fastest growing insurance niches. Cyber insurance products cover operational risks affecting confidentiality, availability or integrity of information and technology assets.
Its growth is led mainly by financial institutions. These institutions are performing cyber risk management. Demand is also driven by regulatory pressures that will require all enterprises to notify individuals if their personal data is breached.
Organisations are becoming more reliant on data. Therefore more of their business is conducted over digital channels. They will as a result place increasing value on protecting that data.
Over the past few years there have been high profile and costly breaches, This is also driving the demand for cyber insurance products. Few insurance companies have a clear understanding of what “good” cyber security looks like for their customers. They are therefore unable to assess whether their customers are taking the right precautions to properly manage their risk .
Cyber risk is not an IT issue, it is a business problem. Until recently, cyber insurance was considered a nice-to-have supplement to existing insurance coverage. Cyber insurance coverage is now becoming a must-have.
The cyber threat is pervasive. Attacks are increasing. Cyber attack trends are also shifting constantly. An attack can come from multiple directions and in multiple forms. In this complex, dynamic threat landscape, the ability to accurately assess risk becomes a huge undertaking.
Five out of six companies with more than 2,500 employees were targeted in cyber attacks in 2014. This represented a 40% increase last year, according to Symantec’s annual internet security threat report. Hackers are becoming more sophisticated. They are introducing more and better malware to their campaigns. More than 317 million new pieces of malware were created in 2014. This means that almost a million new threats were released daily.
Businesses are increasingly backing up their data and apps in a secure, off-site cloud environment. The cloud is faster than other options. It typically offers the most protection at the lowest cost. Recovery in the cloud requires no travel and no extra hardware. It offers extreme levels of reliability.
Kaspersky Labs describes hooded “money mules” waiting at ATMs. They are controlled remotely to dispense cash at a particular time without the need for a bank card. The reported losses potentially exceed US $1 billion. The criminal activity spans Russia, The U. S., Europe and China and is likely to involve Asia, the Middle East, Africa and Europe.
It is understood that the attacks began with a spear-phishing email designed to look like a legitimate communication. The email in fact delivered malware which was capable of exploiting vulnerabilities in certain Microsoft products. This opens a backdoor to the bank’s systems leading to the attackers seizing control of the ATMs and bank accounts.
The Kaspersky Report states that the stolen funds were transferred out of the targeted financial institutions. These funds eventually went to bank accounts in the U. S. and China. It took two to four months to steal between $2.5 million and $10 million from each bank.
The scale of these thefts is therefore a reminder of how such acts are a national threat. Financial markets and systems can be destabilised. Understandably, cyber security is receiving considerable regulatory scrutiny.