There is little sign that the growth of cyber risk to businesses is slowing. Hiscox’s 2023 Cyber Readiness Report listed cyber attack as the top exposure for big businesses (firms with more than 20,000 employees). Nearly a quarter (23%) said they had a ‘very high risk’ of cyber exposure, compared to the next two highest risks; reputation damage (18%) and losses due to economic issues (16%).
The report’s findings evidence how, due to factors such as the rapid growth of the digital environment for almost every business, an ever-expanding volume and scope of data collection, societal changes, and the continual and fast-tracked evolution of the risk itself, cyber has risen to the top of the risk agenda and looks set to stay there well into the future.
A rich seam of opportunity
In 2021, worldwide spending on digital transformation is believed to have exceeded US$1.5 trillion, and by 2026, that figure is expected to rise to US$3.4 trillion; a level of spending which has created a rich seam of opportunity for cyber criminals. “Our growing reliance on everything digital is a key driver for cyber risk,” says Tim Andrews, Cyber Line Underwriter for Hiscox London Market. “Businesses and industries that were not online and had minimal digital infrastructure now see digital transformation as a key priority. This has created a much greater attack surface for cyber criminals to exploit.”
“Our growing reliance on everything digital is a key driver for cyber risk,” says Tim Andrews, Cyber Line Underwriter for Hiscox London Market.
Data harvest
The growth in the volume and richness of the data collected and held by businesses has also provided a fertile hunting ground for hackers, says Andrews. “Organisations increasingly see the value of the data they collect and how they can use that data to both improve their products and services, as well as generate additional income. But criminals also see that potential monetary value and can use various techniques to extort their victims and/or sell the data on the dark web to other third parties.”
The risk evolves
Another key reason for the dominance of cyber is the way the cyber risk itself continues to adapt to a changing world. “Criminal tactics exploit new societal trends such as working from home,” says Andrews. “For example, more than four out of ten businesses (41%) in Hiscox’s report think their exposure to a cyber attack has increased in the last 12 months due to people working from home; this is the joint highest cause equalled only by the increasing frequency and volume of overall attacks.” Manufacturing, government and not for profit, and retail, all record remote working as the biggest cause of growth in cyber risk exposure at more than two thirds (67%).
In addition, a greater number of employees using their own devices for work, listed by nearly a third of businesses (31%), and rapid business growth outpacing cyber risk management controls (28%), are mentioned as key reasons why organisations believe their risk exposure to cyber attack has increased.
“Criminal tactics exploit new societal trends such as working from home,” says Andrews.
No sign of the cyber risk slowing
Unfortunately, there is no sign of the cyber risk losing momentum. “The onset of the Russia and Ukraine conflict initially seemed to disrupt and displace the activity of the cyber gangs,” says Andrews, “but in the last 12 months or so, the volume of attacks has risen again. And we are not yet sure how new tech like AI is going to impact the risk, but we are already seeing criminal gangs use it to their advantage in areas like automating well targeted phishing emails, and finding network vulnerabilities.”
Ultimately, a reduction of cyber risk is unlikely in the short to medium term and no business can afford to stand still in their approach to fighting this risk says Andrews: “The relentless growth in cyber risk should be matched by a proportional increase in the investment and measures businesses need to take to safely manage and mitigate the risk. But the importance of working with cyber insurers who understand the risk while drawing on their education and advisory capabilities is critical, as is choosing a carrier that has the experience of dealing with the unique and varied nature of the claims presented.”
“The relentless growth in cyber risk should be matched by a proportional increase in the investment and measures businesses need to take to safely manage and mitigate the risk." Says Andrews.
