The newly released Allianz Risk Barometer revealed that Cyber incidents such as ransomware attacks, data breaches, and IT disruptions are the biggest worry for companies globally, as well as in the United States, in 2024.
The 13th annual business risk ranking incorporates the views of 3,069 risk management experts in 92 countries and territories including CEOs, risk managers, brokers and insurance experts.
Following two years of high but stable loss activity, 2023 saw a worrying resurgence in ransomware and extortion losses, as the cyber threat landscape continues to evolve.
It's little wonder that companies rank cyber risk as their top concern and, for the first time, across all company sizes, large, mid-size, and smaller <$100mn), as well.
It is the cause of business interruption that companies fear most, while cyber security resilience ranks as firms' most concerning environmental, social, and governance challenge.
Allianz Commercial's analysis of large cyber losses in recent years shows that the number of cases in which data is exfiltrated is increasing - doubling from 40% in 2019 to almost 80% in 2022, with 2023 activity tracking even higher.
An increased utilization of AI by malicious actors in the future is to be expected, necessitating even stronger cyber security measures.
Voice simulation software has already become a powerful addition to the cyber criminal's arsenal.
Lax security and the mixing of personal and corporate data on mobile devices, including smartphones, tablets, and laptops, is an attractive combination for cyber criminals.
Allianz Commercial has seen a growing number of incidents caused by poor cyber security around mobile devices.
Many IoT devices do not have a good record when it comes to cyber security, are easily discoverable, and will not have MFA mechanisms, which, together with the addition of AI, presents a serious cyber threat.
The current global cyber security workforce gap stands at more than four million people, with demand growing twice as fast as supply.
Gartner predicts that a lack of talent or human failure will be responsible for over half of significant cyber incidents by 2025.
It is difficult to hire good cyber security engineers, and without skilled personnel, it is more difficult to predict and prevent incidents, which could mean more losses in the future.
Organizations with a high level of security skills shortage had a $5.36mn average data breach cost, around 20% higher than the actual average cost, according to the IBM Cost of a Data Breach Report 2023.
The lion's share of IT security budgets is currently spent on prevention with around 35% directed to detection and response.
For smaller and mid-size companies, the cyber risk threat has intensified because of their growing reliance on outsourcing for services, including managed IT and cyber security providers, given these firms lack the financial resources and in-house expertise of larger organizations.
As larger companies have ramped up their cyber protection, criminals have targeted smaller firms.
If a small company with poor controls or inadequate risk management suffers a significant incident, there is a chance it might not survive.
Businesses can take a proactive approach to tackling cyber threats by ensuring their cyber security strategy identifies their most crucial information system assets.
This Cyber News was published on www.cybersecurity-insiders.com. Publication date: Mon, 05 Feb 2024 17:43:05 +0000