By Ted Gotsch
Cyber criminals are increasingly jeopardizing the security of private companies as well as the public, raising the need to combat risks that threaten operations as well as financial stability as currency holdings continue to migrate into the digital realm and more and more people work from home.
As part of the Academy-sponsored webinar “Navigating the Cyber Risk Landscape: New and Emerging Work,” members of its Committee on Cyber Risk on Oct. 10 detailed the current cyber threat landscape as well as the panel’s efforts to identify and explore features of sample cyber models available to address risk quantification in the cybersecurity market. New Cyber Risk Toolkit chapters recently released or soon-to-be released by the committee address all of these issues.
Key Webinar Highlights
- Ransomware incidents in the U.S. hit an all-time high in 2023.
- Cryptocurrency accounts held on DeFi platforms and protocols are increasingly vulnerable to hacking.
- More people working from home means more complications when it comes to who is responsible for keeping commercial systems safe.
- The increased use of artificial intelligence (AI) will cause additional cyber risks in the years to come.
- There is a growing number of services available to safeguard networks.
Financial losses due to cybercrime are increasingly a problem. Digital assets like cryptocurrency held on decentralized platforms and protocols, known as DeFi, are often the target of theft because they are unregulated and don’t have the same verification, anti-money laundering, and know-your-customer requirements as those in centralized digital asset exchanges.
“Over time, there has been an increased number of hacks into DeFi protocols. The threat actors get a foothold into these exchanges and extract from them,” said committee member Sam Tashima. “As a consumer, it is something to be aware of.”
There has been an uptick in the number of losses of $100 million or more this year, including by Mixin Network, Euler Finance, Multichain, BonqDAO, and Atomic Wallet, he stated.
Additionally, ransomware incidents have hit an all-time high in 2023 even before the year is over. Through the first three quarters of the year, the frequency has already exceeded the number of incidents in 2021, which previously held the record. Ransomware revenue reached $450 million through June, closing in on the nearly $500 million collected last year.
“The revenue continues to increase,” Tashima said. “It has a significant impact when it comes to cyber insurance.”
He added that actuaries need to be cognizant about underwriting/pricing with regard to crime and money policies.
Meanwhile, consumers are facing additional risks as well as they increasingly go online with multiple devices and fall victim to phishing schemes, social engineering, network hacking, malware, spyware, and ransomware. Such incidents can result in data breaches, online fraud, theft, and cyber extortion.
“The losses to an individual will be much smaller, but a couple of thousand dollars would have a much bigger impact to an individual,” said committee member Bobby Jaegers.
Additionally, at a time when people are increasingly working from home, there is also a hazier line between what is personal and what is commercial cyber risk. If a worker’s home wireless network is hacked, for example, and an attacker is able to access one’s work computer as well as personally identifiable information, who is liable?
To reduce risks at home to both personal and professional systems, it is essential to keep software and hardware up to date, avoid opening suspicious emails, and use antivirus and antimalware software. Also, using a virtual private network (VPN) to privatize connections, changing passwords often, and enabling two-factor authentication is strongly recommended.
Mitigation efforts can also help stem problems before they get bigger. Passive methods like monitoring one’s credit score or more active methods like monitoring services that scan the dark web to see whether information has been leaked (but don’t reimburse you for the costs associated with the leak) are a possible solution.
The availability of cyber insurance for consumers is growing to cover damages such as financial loss, unrecoverable funds, breach of personal information, and identity restoration.
Jaegers said that the need for such services is only going to increase in the years ahead. “There will be more cyberattacks as AI increases and makes emails or communications more believable,” he stated.
And Katie Koch detailed the committee’s work on creating a cyber vendor model comparison that was motivated by the influx of models and services in the market designed to address various aspects of cyber risk quantification. The committee conducted direct discussions with the vendors, some with interviews and others with publicly available information.
Her suggestion from working on the project? “If you are using a vendor, asking a lot of questions might be a good thing,” she said.
The webinar recording and slides are available free of charge to all Academy members. To access them, log in to your member profile.
TED GOTSCH is senior policy analyst for content and publications for the Academy.