The ever-evolving cyber threat landscape

The ever-evolving cyber threat landscape | Insurance Business America

The ever-evolving cyber threat landscape
A global cyber risk report has highlighted the risks faced by American companies and outlines the industries most in need of cyber protection insurance – including the insurance industry itself.

According to the data, phishing continues to be the most common cyber risk; America was the worst-hit country globally last year’ and the majority of cyber-attacks are stemming from within the States.

The report, by NTT Data, analyzed 3.5 trillion logs and 6.2 billion attacks over a 12-month period, between October 2015 and September 2016, using access to about 40% of global internet traffic.

Phishing attacks were responsible for as much as 73% of malware being delivered to organizations worldwide, the research showed. The United States – with 41% – was the most attacked country.

Khirodra Mishra, NTT Data managing director for security services, said the cyber protection industry is constantly trying to strengthen its resolve against attacks, but, “as you can imagine, at the same time, the whole underground hacker network is spending more time breaking what we are trying to build.”

“It’s a very interesting ‘warfare’ that keeps happening, that keeps us on our toes.”
The US was responsible for the most attacks against US targets (54%), with China the second biggest source country (17%).

Join more than six hundred insurance companies and brokers who have grown revenue and reduced costs. Download our free white paper to learn how Docusign can help you improve your customer experience.

The most targeted industries for hacks in the Americas were manufacturing (23%), education (20%), and finance (15%). Globally, however, the finance industry was the most targeted industry.

A potential new cyber threat for insurers

Beyond the hacking stats though, Nomand Lepine, NTT Data senior director of data and analytics for insurance, said an interesting potential threat existed for insurers in the form of IoT, and the types of data insurers hoped to collect to assist with underwriting.

“An increasing number of insurers are now getting into the cyber insurance game because of these types of [global phishing and malware] stats,” he said. “To some degree they’re having to beef up their own understanding of these threats and the threat landscape just so they can write these policies.”

But he added that he was also working with a number of clients “to understand risk better and develop [IoT] products that are dynamic in terms of pricing and risk analysis.”

The very nature of developing products to gather data from an IoT devise itself carried risk, he said. The data collected from cars, wearables, smart home technology, which would be used to better understand risk could become a company’s own risk if it was hacked.

“As they’re looking to gather more of that data, there is clearly vulnerability that would allow a lot of that same data to be gathered outside of the insurer, or to wait until the insurer has gathered it all and then go get it from the insurer by a breach,” he explained. “And that opens up a range of new vulnerabilities.”

Related stories:
Keeping up with cyber criminals
The $2.5B cyber insurance market could be nearly 4 times bigger by 2020