What trends are driving cyber risk for North American firms?

Allianz Commercial head breaks down the threat landscape

What trends are driving cyber risk for North American firms?

Cyber

By Gia Snape

Generative artificial intelligence (AI), the resurgence of ransomware, an evolving regulatory environment, and a heated election year in the US are driving shifts in the cyber risk landscape for North American businesses this year.

That’s as cyber incidents remained the most significant global risk for the third year in a row, according to the 2024 Allianz Risk Barometer.

Cyber events are the top peril in 17 countries, including the US, and the second-biggest risk in Canada. Business leaders polled by Allianz were most concerned about data breaches (59%), attacks on critical infrastructure and physical assets (53%), and ransomware (53%).

“Unfortunately, I'm not surprised to see that cyber is still the highest risk on the list,” said Tresa Stephens (pictured), Allianz Commercial North America head of cyber. “It's [no surprise] given how quickly those cyber exposures keep shifting alongside emerging developments in technology, like AI, and the regulatory landscape that must evolve to keep pace with how much we utilize technology and the new ways we use it.

“On top of that, cyber events are driven by threat actors with financial and political motives. So, in a tough economy or a challenging geopolitical or socio-political environment, you'll see more individuals incentivized to participate in criminal activity online.”

‘Cat-and-mouse games’ – will ransomware surge continue in 2024?

The resurgence of ransomware attacks in 2023 helped stoke worries for US and Canadian organizations. Insurance claims activity linked to ransomware was up more than 50% last year compared with 2022, according to Allianz.

“Broadly speaking, I don't think it's likely to go away anytime soon. But we did see peaks and troughs over the last couple of years in ransomware activity,” Stephens said.

According to Stephens, several factors influence the “waxing or waning periods” for ransomware activity. One is that as organizations bolster their cyber defences and invest in improved cybersecurity, threat actors pivot to other attack modes.

“There’s a period where [businesses] catch up to the tactics, so threat actors come up with new methodology… by which they're going to infiltrate businesses’ computer systems,” she said. “So, if ransomware isn't as effective today, they might switch to business email compromise, and you'll see an increase in that threat vector. But it's this cat-and-mouse game that keeps going back and forth.”

Sociopolitical tensions in the run-up to the US presidential elections are also a major red flag for cyber underwriters, according to Stephens.

“I think I speak on behalf of most cyber underwriters when I say that during election years, we don't sleep as well,” she told Insurance Business. “It’s hard to determine right now because we've had election years where there was very little cyber-related activity. But some threat actors are motivated by sociopolitical means, so there's always a chance that you might see an uptick in events related to or around an election year.”

Generative AI’s influence on the cyber threat landscape

The rise of generative AI technology has also empowered cyber threat actors to be nimbler in their attacks.

Stephens warned that ChatGPT and other large language models can be powerful tools for exploiting human error for financial gain.

“We sometimes quite easily fall prey to the right words in the right order, and generative AI has enabled threat actors to propagate more impactful phishing campaigns on a mass scale and facilitate the generation of more effective malicious code,” Stephens said. “There are many ways in which [generative AI] ramps up the stakes. Threat actors can do it faster, more effectively, and more cost-effectively, too, which is a big variable.”

To protect themselves against AI-powered cyber attacks, businesses should familiarize their workforce with the threat. Security awareness training to address evolved attacks is critical; likewise, organizations can invest in AI and machine learning-based tools to fend off threat actors’ advances.

“It's impossible to defend against an enemy you don't know or recognize,” said Stephens.

The cyber leader also emphasized that organizations can “fight fire with fire” by leveraging AI tools against AI threats.

“AI is generally useful for tasks like pattern recognition, which makes it well suited for tasks like identifying malicious links,” Stephens said.

“The applications and toolsets enabling these threat actors to go after a business are the same ones a business can readily employ to prevent the attack. Going forward, I think we will see more focus on using these tools to protect businesses.”

Do you have something to say about cyber risk trends in North America? Please share your thoughts in the comments.

Related Stories

Keep up with the latest news and events

Join our mailing list, it’s free!