INDEPTH FEATURE
Cyber Security & Risk Management 2021
April 2021 | RISK MANAGEMENT
financierworldwide.com
While the profile of cyber security has certainly increased in recent years, the events of the last 18 months have reinforced the importance of properly staffed and sufficiently funded cyber security programmes. The COVID-19 pandemic has greatly increased the attack surface for malicious actors, both internal and external, and companies must be prepared to evolve as quickly as cyber criminals.
UNITED STATES
Guidehouse
“When it comes to the technology exploited and the means of exploitation, the technical threats today are not much different than what we have seen over the past few years. The cyber trade craft is pretty much the same and includes gaining access to the network or to your applications through poor identity and access control mechanisms, scanning the internal network to look for unpatched systems, out-of-the-box passwords still being used, poor system admin passwords and so on. What is different is that companies are beginning to see the true impact of a cyber attack, and it reaches well beyond the IT department. It is all about business, mission and resiliency.”
ARGENTINA
Marval, O’Farrell & Mairal
“Argentina, jointly with Brazil and Mexico, is considered one of the countries in Latin America most likely to suffer a cyber attack. The Organization of American States considered Argentina as one of the countries with most cyber criminal activity in the world. The biggest threats to which companies operating in Argentina are vulnerable today are different kinds of viruses, denial of service attacks, phishing schemes and ransomware attacks, which have become extremely common during the COVID-19 pandemic.”
UNITED KINGDOM
Tokio Marine HCC
“Cyber incidents were reported as the greatest threats to UK businesses according to 2019 and 2020 World Economic Forum (WEF) reports. With the continued digitalisation of business and increasing sophistication of cyber threat actors, I do not see this being knocked off the top spot any time soon. Headline losses have raised awareness levels around the catastrophic impacts that a cyber incident can have on a company, thus highlighting the benefits of purchasing a cyber insurance policy as a method of risk transfer. However, the purchasing decision is often delayed due to budgeting reasons.”
FRANCE
Tokio Marine HCC
“Cyber risk is one of the top three risks for companies in France, Benelux and the Nordic countries. Companies are well aware of the cyber threat, due to its dire consequences for their business that can be financially, physically and reputationally irreversible. Cyber risks are at the heart of risk management and we have seen a rise in interest and involvement of the board on this topic. For instance, in France, clients are now more willing to share underwriting information as this could positively impact their terms and conditions. Budgets and teams have also increased as a consequence.”
BELGIUM
Gibson Dunn
“Companies continue to be exposed to traditional cyber threat attacks, such as phishing attacks, ransomware attacks, malware and insider threats. According to current reports, approximately one third of successful cyber attacks involve phishing, and phishing is instrumental in two thirds of all cyber attacks. Phishing attacks are likely to continue as people increase their online presence, and the social engineering employed to steal user credentials becomes more elaborate. Cyber attackers are also developing sophisticated phishing attempts launched through cloud applications, which have higher trust levels from users and are therefore more effective.”
GERMANY
Allen & Overy
“The pandemic has led to an unprecedented increase in remote working which has made many companies increasingly vulnerable in the face of cyber attacks on their technological infrastructure. There is a wide range of possible cyber threats which companies are currently facing. Phishing emails designed to manipulate the recipient into disclosing personal user data by pretending to be a trustworthy source are likely to remain a cyber security issue. Another frequent cyber threat is ransomware. Ransomware is malware which locks computers, encrypts files and then demands a ransom for their release.”
SWITZERLAND
CMS Switzerland
“Multiple entry points for unauthorised breaches of corporate IT systems exist, and have existed for many years. These entry points can be used for various purposes by an attacker, such as damaging data or data systems, stealing data or using it as a means to extort money. As we have seen in recent years, there has also been a concerted effort to resell stolen data to foreign companies or foreign states. Sensitive personal data, including customer health or banking information, are particularly vulnerable to such attacks. Finally, complete system failures – so-called denial of service attacks – are particularly damaging.”
SPAIN
Clyde & Co LLP
“Ransomware attacks are by far the biggest cyber threat that companies face today. The use of this specific type of malware by malicious actors has substantially increased in recent years, not only in volume but also in the level of payment demands. Furthermore, ransomware attacks are now much more sophisticated and are designed to not only encrypt the victim’s files, but also to threaten data exfiltration. Examples of this are the Emotet/Trickbot and Ryuk malwares, which have affected several Spanish entities over the last few months, including public companies and government bodies, hospitals, financial institutions and other major corporations.”
PORTUGAL
Morais Leitão, Galvão Teles, Soares da Silva & Associados
“The major cyber threat to most companies today lies in email – more specifically, in employees’ use of company email accounts. This is the gateway for most cyber attacks, ranging from unsophisticated ‘Nigerian prince’ scams, to the most sophisticated malware, phishing, chief executive fraud and ransomware attacks. The reason is simple: IT departments can more easily prevent risky employee behaviour than react to an outside attacker actively searching for human failure.”
MALAYSIA
Christopher & Lee Ong
“In 2020, Malaysia saw a massive increase in companies digitalising their business operations and shifting their workforce to working remotely due to the COVID-19 pandemic. This sudden and unplanned shift increased many companies’ vulnerability to cyber threats and resulted in a significant spike in reported cyber security incidents. According to a recent PwC digital trust insights survey, Malaysian executives ranked ransomware and phishing campaigns as being among the top threats affecting organisations in Malaysia. Perpetrators have exploited the pandemic to launch COVID-19 themed phishing attacks that target unsuspecting employees to carry out data exfiltration attacks on companies.”
SINGAPORE
Tokio Marine Asia Pte. Ltd.
“Since 2018, cyber risk awareness has been growing steadily in Singapore and the threat landscape is changing continuously from virus to phishing, malware, ransomware and the resultant data breach and business interruption. However, more recently, due to coronavirus (COVID-19), most organisations have been forced to adopt remote working conditions and, in some unfortunate cases, reduce their IT budgets due to the revenue and liquidity impact of the pandemic. That said, a recent McAfee cyber resilience report found that 92 percent of Singaporean organisations plan to invest more in cyber security, showing Singapore to have a growing maturity level and to be moving in the right direction.”
CONTRIBUTORS
Allen & Overy
Christopher & Lee Ong
Clyde & Co LLP
CMS Switzerland
Gibson Dunn
Guidehouse
Marval, O’Farrell & Mairal
Morais Leitão, Galvão Teles, Soares da Silva & Associados
Tokio Marine Asia Pte. Ltd.
Tokio Marine HCC