Cybersecurity Incidents Are Major Business Disruptions

Uploaded on 2018-03-29 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Financial

Recently, Allianz Insurance released its Risk Barometer for 2018, which surveyed more than 1,900 risk management experts from more than 80 countries.

The survey covered Allianz customers, insurance brokers, risk consultants, underwriters, executives and surveyors. The poll was carried out in October and November 2017.

Service Interruptions and Security Incidents go Hand-in-Hand

Businesses from small to multinational companies were asked to name their top concerns. For the sixth time in a row, service interruptions made it to the first place with 42% of all polled.

“For the first time, business interruption and cyber risk are neck-and-neck in the Allianz Risk Barometer and these risks are increasingly interlinked,” said Chris Fischer Hirs, Chief Executive Officer, AGCS.

“Whether resulting from attacks such as WannaCry, or more frequently, system failures, cyber incidents are now a major cause of business interruption for today’s networked companies whose primary assets are often data, service platforms or their groups of customers and suppliers.”

With today’s continuous progressions in business digitisation, companies see a strong link between business interruptions and cybersecurity incidents.
 
According to 40% of all those polled, the risk of cybersecurity incidents is considered the second most important issue businesses are facing today. Only five years ago, cyberattacks were listed in 15th place on the risk rating chart.

In Europe, pressure will also increase, as the European General Data Protection Regulation (GDPR) will become effective on 25 May 2018. It seems that smaller and mid-sized companies became more aware of cybersecurity risks over time.

Refocusing from Risk Identification to Prevention

The insurance industry is adapting to the increased recognition of cyber threats, but not necessarily at the same pace as these threats are increasing. Establishing expertise, integrating cyber risk into existing offerings, and adding new products is taking some time.

But the portfolio of cyber insurance offerings is growing, and the outcome of the Allianz Risk Barometer validates a growing demand, especially with GDPR looming. There needs to be a shift toward cyber threat prevention vs. reactive security measures, and that will become more important for the insurance industry, just as it is for the IT security industry.

Paradigm Shift on the Horizon

More and more companies are coming to realise that traditional reactive security efforts from the past are not keeping up with today’s cybersecurity risk landscape, even if they are implementing interconnected platforms of signature-based legacy antivirus technologies.

Typically, up to 75% of a company’s IT spending is used for management and maintenance of existing IT systems. Qualified employees’ adept at migrating legacy IT systems into modern architectures are rare and can be expensive.

On top of that comes a high percentage of legacy security technology that is based solely on detection and response capabilities, not actual prevention. This type of defense strategy consumes and depletes resources, while, at the end, it is totally ineffective.

Today, it still takes an average of 229 days until a breach is detected. Being able to quickly clean up after an incident is important, but preventing the breach in the first place is golden.

The monetary damage averages at $158 USD per breached data record, according to the ICT Ransomware Report. Additional layers of Detect and Respond systems are not capable of protecting against the high cadence of polymorphic and highly sophisticated attacks.

This is why service interruptions now lead the pack of business risks listed in the survey.

While targeted attacks are more sophisticated today, we also see a continuous evolution in malware commercialisation. Mutation and encryption tools are easily available to ‘part-time’ cyber criminals today. While those tools have existed for years, today they are available as-a-service for a low monetary investment.

Today, virtually anyone with an Internet connection can purchase toolkits or even full malware campaign services that can easily bypass traditional security solutions through a broad stack of attack vectors.

So, one piece of malware can be reused infinite times, with low or no knowledge required about malware programming. The phenomenal increase of crypto currencies is just another indicator.

Conclusion

Cybersecurity threats are not the exclusive concern of IT departments anymore - other business units are taking note of the impact to business procedures and continuity. The latest Allianz Risk-Barometer underpins the direct connection between business interruption and cybersecurity incidents.

Many companies are trying to patch their security strategy by adding and connecting more layers of legacy Detect and Respond technology that utilize a common pile of threat intelligence.

However, evasion of such multi-layer systems is possible and progressively cheaper than ever before. Organisations should rethink and modernise their cybersecurity arsenal.

True prevention is possible today, with solutions based on artificial intelligence and machine learning which are not dependent on URL lists, signatures, or heuristics, solutions that prevent attacks by way of self-sufficient math models that are extremely lightweight and compatible with corporate business needs.

To contact the GDPR Advisory Board please visit:  www.gdpr-board.co.uk

Threat Matrix

You Might Also Read: 

Businesses Using Apple & Cisco Products Pay Less For Insurance:

Companies Are Buying Cyber Insurance 'in mad panic':

 

« US City Of Atlanta Suffers An Attack
Have You Gauged The Cost Of A Cloud Outage? »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Institute for National Security and Counterterrorism (INSCT)

Institute for National Security and Counterterrorism (INSCT)

INSCT is a center for the study of national security, international security, and counterterrorism. Research programs include New Frontiers in Science, Cyber, & Technology

Titania

Titania

Titania provide network security and compliance software. Find your Network Security gaps before hackers do with our security & compliance tools.

ICS2

ICS2

ICS² is the first cyber security company focusing on protecting the control system of power, oil, gas, and petrochemicals plants.

Sasa Software

Sasa Software

Sasa Software is a cybersecurity software developer specializing in the prevention of file-based network attacks.

Awen Collective

Awen Collective

Awen Collective develops software-based tools for performing Digital Forensics, Incident Response and Cyber-Crime Investigation.

Infortec

Infortec

Infortec provide consultancy and solutions for the protection of digital information and the management of computer resources.

Mitre

Mitre

At Mitre we work across government to tackle challenges to the safety, stability, and well-being of our nation. Areas of expertise include Cybersecurity.

Schweitzer Engineering Laboratories (SEL)

Schweitzer Engineering Laboratories (SEL)

SEL specializes in creating digital products and systems that protect, control, and automate power systems around the world.

LTIMindtree

LTIMindtree

LTIMindtree is a new kind of technology consulting firm. We help businesses transform – from core to experience – to thrive in the marketplace of the future.

Prime Technology Services

Prime Technology Services

Prime Tech are a group of Red Hat, Microsoft & Cisco Certified IT Professionals with an impressive track record of consistently delivering value to our corporate clients.

Strata Information Group (SIG)

Strata Information Group (SIG)

Strata Information Group (SIG) is a trusted partner in IT solutions and consulting services.

Digital.ai

Digital.ai

Digital.ai empowers organizations to scale software development teams, continuously deliver software with greater quality and security.

Aspire Technology Solutions

Aspire Technology Solutions

Aspire is an award-winning IT Managed Service and Cyber Security Provider. We specialise in cyber security, cloud, connectivity, managed services, unified communications and IT support.

Cyber Defense International (CDI)

Cyber Defense International (CDI)

At CDI, we utilize decades of experience in designing and building large-scale cybersecurity programs, creating tailored solutions and services that protect businesses from cyber threats.

Amtivo Ireland

Amtivo Ireland

Amtivo Ireland (formerly Certification Europe and EQA) offers a range of certifications and related services.

Datos Insights

Datos Insights

Datos Insights is a leading global provider of insights, data, and advisory services to the financial services, insurance, and retail technology industries.