Our friends at Munich Re recently released a very insightful report. This isn't your run-of-the-mill research — it's a detailed projection on the rise of cyber crime for the next four years.
The publication, aptly named "Cyber Insurance: Risks and Trends 2023," serves as a bright beacon in the otherwise foggy landscape of cyber attacks and their repercussions on the world of cyber insurance. The standout culprit, according to the report, is ransomware. This digital menace is the primary cause of cyber insurance losses and it's also the fuel feeding the anticipated growth of the cyber insurance market. To put things in perspective, this market was valued at a cool $11.9 billion in 2022, and it's projected to soar to a whopping $33.3 billion by 2027.
And here's the kicker. Over the next four years, the costs of cyber crime are expected to triple. This prediction is in line with the projected growth of the cyber insurance market. These trends signal an increase in the frequency of cyber attacks, leaving organisations more exposed than ever. As a natural consequence, the cost of cyber insurance will also climb.
What these trends underline is that investing in preventive measures, like comprehensive security awareness training, is a far more brilliant move than solely depending on cyber insurance coverage.
Key points from this report:
You know how world events, like the Russian invasion of Ukraine, have this pesky habit of accelerating cyber risks? This, together with global power tussles, pumps up the chances of a major cyber catastrophe. Munich Re has its sights on critical infrastructure, intellectual property, and elections in about 70 countries being in the crosshairs of these geopolitical cyber risks.
This gets a bit hair-raising when you think about how more nation-states are pumping funds into cyber research, which includes hunting for those sneaky zero-day vulnerabilities. If everyday cybercriminals start copying these nation-state tactics, well, that's when things could get really interesting, especially for satellite tech sectors. Expect to see a lot more disinformation efforts, boosted by machine learning, AI, deep fakes, chatbots, and social media.
Just a heads-up on cyber warfare: transferring the risk isn't an option. The insurance industry agrees on this point - no coverage for warfare, cyber included. Munich Re is all for making exclusion terms clearer and more transparent. They're also helping governments and insurance bodies gear up for cyber warfare scenarios by promoting effective public-private partnerships.
Ransomware isn't going anywhere. It's still the top-dog threat for businesses and individuals in 2023 and beyond. The global cost of cyber crime to businesses is set to hit a staggering $10.5 trillion by 2025. And there's more—destructive trends are on the rise. We're seeing a shift towards data destruction instead of encryption, data theft becoming a successful extortion tactic, and a growing focus on targeting cloud infrastructure.
Munich Re's Data Analytics Team discovered that ransomware caused the most cyber insurance losses between the start of 2020 and 31st March 2023. The finance industry took the biggest financial hit, even though the business and professional services sector had the most claims.
Supply chain attacks will continue to be a go-to for threat actors, mainly because of the increasing number of critical bottlenecks and easy targets like cloud services. Gartner predicts that by 2025, nearly half of all organisations worldwide will suffer attacks on their software supply chains.
Going forward, transparency becomes crucial for risk owners concerning dependencies within their critical assets inventory and supply chain. Munich Re sees cyber security as becoming an integral part of business relationships and supports this integration. A change in mindset is needed, recognising cyber security investment as a catalyst for digital operations and a way to lessen the impact of potential attacks.
Data breaches and liability will stay hot topics in 2023. Projections from "AWS' Security Predictions for 2023 and Beyond" suggest that by 2025, a mind-boggling 463 exabytes of data will be generated, offering a vast playground for those with ill intentions. Also, expect more legislative action and raised customer expectations about data protection.
By the end of 2023, modern data privacy laws will likely cover the personal information of three-quarters of the world's population. This could lead to privacy law violations becoming as common as privacy breaches. Munich Re's Data Analytics Team found these violations are currently most common in the finance sector, followed by public authorities, NGOs, non-profit organisations, utilities, and healthcare.
When it comes to critical digital bottlenecks, we can't overlook the realm of connected devices or the Internet of Things (IoT). By 2025, there will be a staggering 41.6 billion interconnected IoT devices spewing out a massive 79.4 zettabytes of data.
The ongoing convergence of Information Technology (IT) and Operational Technology (OT) is making these devices a tempting target for bad actors. This trend is even more concerning when you consider how geopolitical factors increase the vulnerability of OT and critical infrastructure. It's like painting a huge bullseye on them for cyber criminals.
Our key takeaways for future readiness
To thrive in our digital economy, resilience, and cyber security must be at the forefront. While we can't completely shield ourselves from all cyber attacks, we can reduce their impact and harness the benefits of modern technologies. Here are some nuggets of wisdom from the report:
Embrace new tech, but remember to create a strong cyber security culture.
Always work on strengthening resilience and readiness to face potential threats.
Make cyber security a priority investment and enjoy the returns.
Build strong networks, share data responsibly, and use your data effectively.
Make cyber insurance an integral part of your overall cyber security strategy.
And remember, the cyber world might seem a bit scary with these threats, but with the right preparation and mindset, we can navigate it safely and confidently.
GoldPhish educates end-users on the cyber threat and helps build more secure organisations with awareness training and simulated phishing
Get in touch for more information: info@goldphish.com