Cyber-Attacks Set To Become “Uninsurable”
This is the stark assessment from Mario Greco, chief executive at insurer Zurich, one of Europe’s biggest insurance companies, speaking to the Financial Times.
Amid growing concern among industry executives about large-scale cyber-attacks, Greco warned that cyber-attacks, rather than natural catastrophes, will become “uninsurable”. For the second year in a row, natural catastrophe-related claims are expected to top $100bn, the FT reported.
Cyber-attacks have continued to plague multiple industries in recent years, some of whom are doing little to prevent future attacks, when they opt to pay hackers and criminal gangs (against all security professional advice) to unlock their ransomware crippled systems or call off DDoS attacks.
Zurich’s Mario Greco praised the US government’s steps to discourage ransom payments. “If you curb the payment of ransoms, there will be fewer attacks,” he told the Financial Times.
In September 2022, Lloyd’s of London defended a move to limit systemic risk from cyber attacks by requesting that insurance policies written in the market have an exemption for state-backed attacks. A senior Lloyd’s executive said the move was «responsible» and preferable to waiting until «after everything has gone wrong».
Identifying those responsible for an attack is challenging, making such exemptions legally fraught, and cyber experts have warned that rising prices and bigger exceptions could put off people buying any protection.
There was a limit to how much the private sector can absorb, in terms of underwriting all the losses coming from cyber attacks, Greco said. He called on governments to «set up private-public schemes to handle systemic cyber risks that can’t be quantified, similar to those that exist in some jurisdictions for earthquakes or terror attacks».
These are the data:
- According to Security Magazine, there are over 2200 attacks each day which breaks down to nearly 1 cyberattack every 39 seconds
- With around 2,220 cyberattacks each day, that equates to over 800,000 attacks each year.
- According to Cybint, nearly 95% of all digital breaches come from human error.
Cyber security experts share their prediction for the most impactful threat vectors and cyber risks of 2023, so when they were asked in mid-2022 by Cyber Security Hub which threat vectors posed the most dangerous threat to their organizations on 2023, 75% of cyber security professionals said social engineering and phishing.
Since the survey closed, multiple organizations such as Dropbox, Revolut, Twilio, Uber, LastPass and Marriott International have suffered from such attacks further highlighting the importance to cyber security practitioners of staying aware of phishing threat.
Privileged account management is the IT security process of using policy-based software and strategies to control who can access sensitive systems and information. Privileged accounts rely on credentials (passwords, keys, and secrets) to control access. By creating, storing, and managing these credentials in a secure vault, privileged account management controls authorized access of a user, process, or computer to protected resources across an IT environment.
Imagen Arthur Bowers in Pixabay