Is the surge in data breaches a result of bad luck, coincidence, or intentional targeting?
Indefensible hacks are not the cause of these intrusions. The usual suspects are insecure systems, compromised credentials, failure to patch quickly, everyday account takeovers, and poor development practices. The hackers behind these attacks are not elite nation-state operators, but most likely workaday cybercriminals.
Here is a breakdown of some of the latest breaches and incidents.
A hacker discovered an unauthenticated interface at a telecom company and then attempted a ham-fisted, amateur extortion scheme. Experts continually warn of the dangers of misconfigured, unauthenticated interfaces.
Data haul: 10,000,000 records, of which one-third contain sensitive ID numbers.
Unfortunately, this looks like the work of a professional ransomware/extortion team targeting this large insurer, which has approximately 4 million customers. According to Medibank, the intrusion was caused by compromised credentials. The hackers succeeded because of a lack of access control and adequate identity protection.
Data haul: Claims and health data, as well as basic bio data. It is the worst-case scenario of data theft.
The breach was caused by compromised login credentials to Woolworths Group’s CRM system. The data, which included approximately 2 million records, was available for purchase on an online marketplace for only $600. This is cybercrime at work.
This online wine retailer claims it used production customer information while testing its digital platform upgrade, which is bad development practice. 700,000 customer records were then sold on a Russian-language forum. Again, workaday cybercrime.
All incidents seem to have their roots in cybercriminals using security vulnerabilities to steal data and then trying to turn it into cash. These security issues are worthy of discussion.
Australia’s concern should be that nation-state actors will not be as loud and public about their intrusions as these criminals were. Meanwhile, hackers may come to see Australia as a soft target, and Australia could be in for a tough run if today’s workaday cybercriminals continue to have this much success.
What Can We Learn from These Attacks?
Security is Important
The world is increasingly dependent on technology and hungry for it. As a society, we will be more vulnerable to cyberattacks and data breaches. It is crucial that businesses take security seriously and give it the same weight as functionality. Although functionality is important, it isn’t satisfactory if your platform is not secure and your users cannot trust it.
Increased Risk to Small Businesses
Recent research has revealed that a cybercrime targets an Australian business every 10 minutes.
Kaine Mathrick Tech, an Australian cybersecurity firm, conducted a study and found that 43 percent of SMEs had suffered a cyberattack. Small- to medium-sized businesses typically have weaker cybersecurity protection, which makes them more vulnerable.
Ransomware, which locks down a company’s data and demands payment for its recovery, is one of the biggest threats.
Businesses need to be able to identify the most common online threats and have plans for how best to deal with them.
Unfortunately, small and medium companies often lack the resources to secure their data. Businesses are becoming more concerned about emerging threats because of a lack of security spending, which may be due to a weaker economy.
What Does This Mean for Businesses and Their Cyber Insurance?
The cyber insurance market has seen a dramatic increase in ransomware attacks.
Many businesses are experiencing significant increases in their cyber insurance renewal premiums, some as high as 40%. Although it is difficult to accept increases in insurance premiums, they are inevitable given the current climate of cybercrime.
Premiums are determined by how likely a business is to file a claim. The overall increase in cybercrime claims activity has led the insurance market to raise premiums.
Insurance companies have also been known to limit coverage if a company is unable to demonstrate that it has adequate cyber security measures in place.
What Is the Cost of a Cyber Incident?
The Ponemon Institute’s annual “Cost of a Data Breach” report, published by IBM, was released recently. It found that the average global cost of a data breach in 2022 was US$4.35 million (AUS$9.44 million). The global average cost of a ransomware attack is US$4.54 million, not including any ransom paid. For many organisations the cost of a cyber incident is considerably greater.
Australia’s self-reported cybercrime losses exceeded $33 billion in the 2020-21 financial year. Self-reported losses are only a small fraction of the total loss and reputational damage, which can continue long after the initial compromise.
Companies in Australia are increasingly considering cyber insurance due to rising cyber incident costs.
What Is the Insurance Industry Doing to Deal with Cyber-Risk?
Lloyd’s of London observed recently that cyber risk could make it difficult for insurers and their reinsurers to manage systemic risk. Cyber insurance is distinct from other types of insurance, where losses can be relied upon to occur in only one area at a time. A global cyber incident, by contrast, could lead to losses far greater than the insurance market can absorb.
In response to these risks, the cyber insurance market continues its “hardening.” To mitigate this risk, insurance companies are taking the following measures:
- Insurance companies are increasingly limiting, clarifying, or excluding certain losses from coverage – After tightening cover for ransomware incidents in the past, insurers now focus on exclusions for war.
- Brokers report that premiums are rising – Brokers report an ongoing trend towards steep, year-on-year price increases. Marsh reports that cyber coverage costs have increased by an average of 66% over the past three years.
- Expectations for increased risk management – Insurers increasingly require evidence of cyber hygiene and a risk management culture as a condition for writing or renewing coverage. This includes:
  - Analysing in detail the information regarding an organisation’s cyber strategy, governance arrangements, IT security spending, data volume and type, security controls protecting information assets, and dependence on shadow IT.
  - Examining third-party arrangements, cyber awareness culture, testing regimes, details of any previous data breaches, how well prepared the organisation is for a cyber event, and whether any war-gaming exercises have been conducted to stress-test its arrangements.
  - Focusing on executive sponsorship of cyber security and resilience, and making regular tabletop scenarios involving senior management a condition of coverage.
This trend is apparent across all industries in Australia. This means that all organisations (professional & financial, manufacturing, government, logistics, SMEs) need to take notice.
Strengthening Your Defence
Businesses and management teams must prioritise cyber security in the current environment.
Higher premiums might lead companies to rethink cyber coverage. However, compromising this protection can have significant financial consequences if an organisation is victimised by cybercrime.
Cyber insurance can provide cover for the above-mentioned ransomware attacks. Engaging your insurance broker early can help businesses obtain the correct level of cyber coverage.
Trident Insurance brokers can provide consultation services and conduct a detailed assessment of your business in order to suggest risk mitigation strategies. This will help your business appear more attractive to the insurance markets. Get in touch today.