
Ransomware remains a top cyber risk for organisations across the world, while compromised business email incidents are on the rise and set to increase further in the “deep fake” era, the latest research warns.
A study by Allianz Global Corporate and Specialty (AGCS), Cyber: The changing threat landscape, says the war in Ukraine and wider geopolitical tensions are a major concern because hostilities could spill over into cyberspace, leading to targeted attacks against companies, infrastructure or supply chains. Other emerging threats include the growing reliance on cloud services, an evolving third-party liability landscape that means higher compensation and penalties, and the impact of a shortage of cybersecurity professionals.
Such vulnerabilities mean that a company’s cybersecurity resilience is scrutinised by more parties than ever before, including global investors, AGCS said. This means many firms now rank it as their major environmental, social, and governance (ESG) risk.
“The cyber risk landscape doesn’t allow for any resting on laurels,” said AGCS global cyber head Scott Sayce. “Ransomware and phishing scams are as active as ever and on top of that there is the prospect of a hybrid cyber war.
“Most companies will not be able to evade a cyber threat. However, it is clear that organisations with good cyber maturity are better equipped to deal with incidents. Even when they are attacked, losses are typically less severe due to established identification and response mechanisms.”
The frequency of ransomware attacks and claims costs remains high around the world, according to AGCS, with a record 623m attacks in 2021 – double that of 2020. Although their frequency fell by 23% globally during the first half of 2022, the year-to-date total still exceeds those seen between 2017 and 2019, while Europe saw attacks surge over this period. Globally, ransomware is forecast to cause US$30bn in damages to organisations by 2023.
“Although we see good progress, our experience also shows that many companies still need to strengthen their cyber controls, particularly around IT security trainings, better network segmentation for critical environments and cyber incident response plans and security governance,” Sayce added.