As cyber threats evolve, so must client protections
Your clients’ confidential data remains an alluring target for cyber criminals. As long as there is potential for money to be made, threat actors will attempt to access data in any way they feel they might successfully exfiltrate information or apply extortion. The wealth of opportunities for cyber attacks has transformed malware into an industry in its own right—albeit an illegal one—that continues to grow in sophistication.
As a result, cyber attacks have become an ongoing challenge for a rising number of organisations, with 39 percent of UK companies reporting cybersecurity breaches so far this year (the true figure is likely much higher as smaller businesses under-report cyber attacks). Nearly one-third of these businesses say they have been attacked at least once a week. In Ireland, government cybersecurity authorities say small and medium-size businesses have become frequent ransomware targets—and about 80 percent of organisations that pay are attacked repeatedly.
The financial costs of an attack—to say nothing of the reputational costs to an organisation—are substantial: the National Cyber Security Centre said UK losses to fraud and cybercrime between April 2021 to 2022 totalled £3.1 billion. To put that in perspective with a recent example, one criminal defence firm had to pay £98,000 in fines alone for failing to secure sensitive court bundles that were later published on the dark web and held to ransom by organised criminals. The firm likely has plenty of company—according to the Information Commissioner’s Office, attacks of ransomware reported since 2020 have more than doubled from 326 to 654.
To be sure, having a formal incident response plan can help thwart an attack or limit its damage. But worryingly few businesses (19 percent) report having such a plan. This leaves them vulnerable to costly interruptions following an attack. For example, an IT supplier for some NHS patient services such as 111, experienced a ransomware attack which impacted its services and was expected to take nearly a month to restore back to full service. Imagine your clients being unable to conduct essential business for a period of weeks or months.
“Double extortion attacks—where data is exfiltrated by the threat actors as well as encrypted on your network—have become routine.” James Doswell, Travelers Europe
Learning from the risks
We have an opportunity to provide the kind of support that helps an organisation not only discourage an attack, but also get back on track quickly if one does occur. At Travelers, we’re studying the threats and how they’re evolving so we can adapt protections accordingly. Our team reviews cyber threat data from third-party vendors, industry partners, and our risks and claims teams in an ongoing effort to help clients manage their exposures.
As part of our strategy, we’re tracking how threats are evolving, both around the world and close to home, so we can alert clients to their exposures and provide case-specific counsel and protection.
The threats affect all parts of the economy—no industry stands out as more vulnerable or appealing to criminals than others. There are, however, patterns in the attacks themselves. Phishing remains a primary means of breaching organisations. Of the 39 percent of UK businesses reporting a cyber attack in the past six months, 83 percent of the threats were phishing attempts. Last year, ransomware officially became the UK’s most significant cyber threat because of its potential to harm essential services or critical national infrastructure.
This year, double extortion attacks—where data is exfiltrated by the threat actors as well as encrypted on your network—have become routine, forcing organisations to have to recover their stolen data, and then pay to prevent it from being leaked. Supply chain attacks through identity misuse have become another growing risk as threat actors compromise suppliers’ systems and accounts.
Updated cybersecurity controls provide important prevention, but this must be an ongoing exercise done in coordination with employee training. The broad nature of malware and threat actors mean that activity is constantly evolving. No single security solution can provide overarching protection—and clients should be wary of any that profess to do so.
Multifactor authentication can provide an excellent level of protection when used correctly, but solutions such as filtering and endpoint defence are also extremely important. Employees must receive continuing education about these defences and evolving cyber threats so they know how to recognise and report a likely attack. Organisations need multi-layered cybersecurity to protect against evolving threats—one control isn’t enough.
Becoming an inconvenient target
We partner with brokers to help secure the best outcomes for clients—in minimising the risk of cyber attacks and, if one occurs, in providing support that helps limit business disruptions. It’s important for brokers to have early discussions with us about their client requirements and ensure the organisation’s controls suit its specific functions and are used as recommended. This helps us identify cybersecurity gaps that may exist due to the controls themselves or incorrect assumptions about the organisation’s needs.
Cyber threat actors are highly adaptive—and organisations must be too. Brokers can help clients reduce their exposures by recommending good cybersecurity practices and ongoing staff training, as well as asking their insurer for support in staying a step ahead of the risks. In an environment that provides rich targets for threat actors, organisations can make themselves less appealing ones to threaten.
James Doswell (pictured) is a senior risk management consultant at Travelers Europe, where he specialises in cyber risk control for clients in the UK and Ireland.
