Over the decades, the world has become heavily reliant on technology. We turn to digital platforms to conduct every aspect of our lives – and when the COVID-19 pandemic hit, our reliance on these tools increased even more. Companies across the globe were forced to transition to a work-from-home model, and, unfortunately, this shift has resulted in new opportunities for cybercriminals.
As cyber threats continue to rise, Hauser Insurance advises businesses to assess their cyber security and adopt best practices to lessen the risk and impact of associated losses. Hauser Insurance is a privately held company that provides targeted risk management and insurance solutions to a diverse clientele.
Recently, Hauser Insurance has acquired a new tool – CyberCube – to help mitigate cybercrime. Created in 2015 by Symantec, CyberCube delivers data-driven cyber analytics built specifically for the insurance industry that quantifies a company’s risk posture. The CyberCube team is composed of multi-disciplinary experts from data science, cyber security, software engineering, actuarial modeling, and commercial insurance, who are focused on solving the most difficult and important cyber-risk challenges in insurance using world-class analytics. CyberCube offers a software as a service (SaaS) platform for cyber-risk aggregation modeling and insurance underwriting, and Hauser Insurance has recognized the benefits of using this tool to combat the rise in cyber threats for companies across industries.
Hauser Insurance Group provides support, resources, and expertise through a consultative approach to help businesses maximize the value of their insurance coverage at every level. Its team has more than 40 years of experience working on complex coverage, including underwriting; brokering management; cyber insurance for large and small private companies; and brokering complex directors and officers (D&O) insurance for publicly traded, large-cap companies (including Fortune 500), as well as small/mid-cap companies.
Rise of Cyberthreats
During the COVID-19 pandemic, cybercrime has thrived as cybercriminals have taken advantage of companies transitioning to digital models. Employees who switched to working from home immediately began to rely on residential networks and personal computers – most of which were not equipped with the necessary security to protect them from cybercrime – and opened themselves up to invasion through multiple access points.
Hauser Insurance reports that the estimated global loss to cybercrime is $445 billion, and the average cost of a data breach is $1 million. The majority of these attacks – roughly 60% – are directed toward small to medium-sized businesses. The growth in cybercrime is likely the result of companies bypassing, shortchanging, or not anticipating the need for new and improved security tools. Companies that follow the lead of Hauser Insurance by using CyberCube or similar tools can help mitigate their risk of loss.
Tactics Commonly Used by Cybercriminals
Cybercriminals use a variety of tactics to hack a company’s platform, and the risk experts at Hauser Insurance recommend working with professionals to develop a model that combats the risks associated with each of these tactics.
Cybercrime via Ransomware
In 2020, ransomware attacks increased 40% worldwide year-over-year. According to McAfee, “Ransomware is malware that employs encryption to hold a victim’s information at ransom. A user or organization’s critical data is encrypted so that they cannot access files, databases, or applications. A ransom is then demanded to provide access. Ransomware is often designed to spread across a network and target database and file servers and can thus quickly paralyze an entire organization.”
Ransomware is one of the most lucrative methods of data breach monetization. Many ransomware tools have become simplified so much so that those with no programming skills can launch an attack. Experts say that ransomware attacks have now become a business model, known as ransomware-as-a-service (RaaS), that enables subscribers to use already-developed ransomware tools to execute attacks.
To stop the ransomware economy from growing, governments and regulatory agencies from around the world have started researching available options. This past October, the U.S. government issued guidance reiterating its position that cyber insurers who make ransom payments violate U.S. law. However, precedence in other kidnap and ransom markets has shown that if governments and regulators successfully make ransoms harder to collect, criminals simply shift tactics and garner payments via alternative channels.
Cybercrime via Phishing
Phishing refers to the act of scammers using email or text to trick people into sending their personal identification information. These emails and texts often appear to be from familiar or trusted sources and include links or attachments that, if clicked, share critical information with the cybercriminal. In 2021, 36% of successful corporate cyberattacks involved phishing, an increase of 11% over the previous year.
During the pandemic, business email compromise (BEC) phishing scams increased as job descriptions started incorporating emailing as a daily employee responsibility. BEC attacks generally target companies that conduct wire transfers and have suppliers abroad. Attackers often pose as executives or high-level staff, prompting employees to conduct fraudulent transfers. From 2019 to 2020, the FBI reported that BEC losses rose from $1.7 billion to $1.8 billion, with an average loss of $92,932.
Companies Commonly Targeted by Cybercriminals
Hauser Insurance reports that every industry faces unique and complex risks. The company works with industries such as aviation, energy, technology, healthcare, consumer goods, transportation, retail, distribution, business services, manufacturing, construction, and professional services. The broad range of clientele illustrates how no industry is safe in today’s environment, as cybercriminals identify new ways to penetrate both large and small businesses.
However, some industries tend to be more likely targets of cybercriminal activity. IBM mapped the most frequently targeted industries in 2020. The top-ranked sector was finance and insurance – which has been the most frequently targeted industry since 2015. Manufacturing, which ranked eighth in 2019, jumped to second place in 2020; and energy, which ranked ninth in 2019, jumped to third place. Increased attention on these sectors could be driven by the fact that attackers target infrastructures connected to operational technology (OT).
Additionally, the healthcare sector has become a prime target for hackers. Although only ranked seventh in 2020, the number of attacks on healthcare providers more than doubled over the previous year.
Although most cybercrime is targeted at small- to medium-sized businesses, according to Hauser, larger companies are still at risk. Cybercriminals have increasingly been using artificial intelligence to execute their attacks. Thus, larger companies are now more vulnerable to ransomware incidents.
In 2021, for instance, LinkedIn experienced a data breach that resulted in 700 million user names being posted on a dark web forum – impacting more than 90% of its client base.
How Businesses Can Minimize Risk
Hauser Insurance has developed a business model to help companies minimize the risk of cyberattacks, and CyberCube is another tool that can be used to combat such crimes. The insurance agency, however, advises businesses to practice good “cyber hygiene” as well. This proactive approach refers to the steps businesses, and their employees can take to maintain digital health and improve online security. These measures include adjusting operational and security protocols and educating employees on appropriate precautions – all critical first steps. Furthermore, remote employees should receive additional training and guidance on how to avoid phishing scams and fraud attempts.
In addition, every business should consult with professionals, such as the risk mitigation experts at Hauser Insurance, to comprehend the risks they face and determine if cyber insurance would benefit them. In combination with the best practices mentioned above, insurance can help businesses reduce their risk of loss due to cyberattacks. Learning how to combat tech-savvy criminals is crucial to business operations in today’s world.