Coping with cyber dangers in a hard market

Risk managers urged to consider and understand the "severity of risks"

By Kenneth Araullo

Following up on its earlier report illuminating the ongoing and increasing cyber threats directed at the financial services sector, especially in Asia-Pacific, Akamai security technology and strategy director Reuben Koh highlighted the hard market that risk managers will have to contend with, especially as cyber threats continue to worsen for many financial institutions.

“Cyberattacks will continue to increase regardless of events happening in the world, so we should not associate the frequency or severity of cyberattacks based on the state of the world events or the global economy. This means not letting our guard down at all times,” Koh said in conversation with Insurance Business.

Koh called on risk managers to carefully consider and understand the “severity of risks” across industries, and to work with experts to implement and bolster protection against ever-evolving threats.

“With the organization’s chief information security officer, risk managers play a crucial role in conveying the importance of cybersecurity as a business – not technical – function to executive management, so that the organization can continuously assess risk models, in terms of fraud management, customer-based threats, and account takeovers,” Koh said.

Innovation also presents a unique challenge in that it can expose businesses to additional dangers – both known and unknown – despite the positive impact that it offers. Koh cited the rapid adoption of third-party scripts as a well-known culprit, most of them being brought in to improve the user experience by generating more services and offerings.

“Attackers can simply exploit client-side vulnerabilities as a point of entry, or inject malicious code into third-party scripts loaded as part of the website. As this puts the organization at risk of brand and reputation damage, compliance issues, and financial losses, risk managers must possess a deep understanding of the specific compliance and regulatory requirements relevant to their industry,” he said.

Amid cyber risks, what should be the priority for risk managers?

With threats at an all-time high and expected to continue well into the coming years – especially as the AI saga further evolves – Koh stressed the need for organizations and risk managers to step up in tackling cyber dangers.

“Organizations need to focus on quickly getting a handle on their risk exposure by establishing complete and real-time visibility across all technological assets, and the people who need to access those assets. Businesses move at an extremely rapid pace, so it is easy to lose visibility while the business is moving faster than security can catch up. We need to ensure that security is not left behind or becomes an afterthought as businesses charge forward on innovating or digitizing,” Koh said.

Security and risk personnel need to understand the shifting threat landscape, Koh stressed, as well as regularly assess the risk posture of their business. Gaps, lack of oversight, and carelessness can lead to more serious threats, which would then need to be addressed with new technology or new processes altogether. Koh highlighted dynamism as a key factor: a static organization will be a sitting duck against the modern dangers associated with continued digitization.

“These teams need to possess specialized defences and collaborate with a trusted partner who possesses recognized expertise. Such a partnership can optimize internal resources and enable teams to focus on promoting growth, fostering digital innovation, improving customer retention, and increasing profitability,” he said.

With many in the space already acknowledging the fact that cyberattacks will only become more sophisticated from here on out, Koh said that businesses should also consider increasing resilience to be better protected against cyber threats.

“One of the more effective methods to achieve this is through implementing a Zero Trust Segmentation strategy, also commonly known as micro segmentation. This approach isolates and confines security breaches within an organization from spreading, thus minimizing damage and facilitating recovery even during an ongoing cyberattack,” he said.

“Instead of relying on network-based controls, which can be cumbersome to manage, micro segmentation separates security controls from the underlying infrastructure, offering a higher level of precision and adaptability. A robust micro segmentation strategy allows a business to become much more resilient and adaptive to the ever-changing threat landscape,” Koh said.

In the end, Koh also addressed the role of insurance, although he believed that while beneficial, it should not be an excuse to become complacent and passive.

“Cyber insurance should instead become a key consideration as part of a robust cybersecurity strategy. This can, in turn, encourage organizations to adopt a stronger and more holistic approach in addressing cyber risks, where they now have more tools and levers that can include both technological and financial protection, to better protect the business from breaches,” he said.
