Co-authored by Darren Thomson and William Altman.
It is clear that the scope and scale of cyber attacks in the past year has changed the cyber (re)insurance market. It’s more important than ever for (re)insurers to take an active role insuring organizations while equipping them to be resilient and less vulnerable to cyber attacks.
The first step to mitigating cyber risks and avoiding losses is to understand the cyber threat landscape. Threat actors are only getting more organized, and (re)insurers that are aware of the need-to-know cyber threat trends for 2022 and where organizations should be focusing security efforts will be poised to win.
In this blog, we’ll cover cyber security trends occurring in 2022 so you are better positioned to judge the security of clients and future prospects, and make better cyber risk strategy decisions.
It’s no surprise that ransomware is not going anywhere anytime soon. The threat has been a popular form of cyber attack in the past year, as seen with large attacks such as Colonial Pipeline and Kaseya VSA. Cyber insurers that are aware of the tactics, technologies and procedures criminal actors use in ransomware attacks are going to be equipped to uncover red flags that could lead to ransomware driven losses.
Ransomware-as-a-Service (RaaS) has become increasingly prevalent since early 2020, creating systemic issues which have impacted the cyber (re)insurance market. Around the same time RaaS gangs started to reach scale, the increase in claims began outpacing premiums earned, and today the ratio of losses to premiums earned is negatively affecting future profitability.
More than 50 RaaS gangs operate using unique ransomware code and attack infrastructure. The top gangs’ playbooks, technologies and tactics have been leaked and disseminated, giving rise to a wider set of capable threat actors. Moreover, when some gangs shut down, they’re quickly replaced by new ones. Common tactics include ‘double extortion’, which many RaaS gangs use to increase the chances of obtaining a ransom payment. Today, most ransomware victims are located in the US, but as these groups grow in scale and multiply, it’s likely that there will be an internationalization of ransomware.
Re)insurers that are aware of the key developments in ransomware threat actor activity will be able to equip broking, underwriting, and accumulation risk management teams with the insights they need to stay ahead of renewals and claims.
Single-point-of-failure (SPoF) attacks have been on the rise, as seen from the high profile attacks that have occurred since 2020, such as the Kaseya VSA attack and GoDaddy data breach. Criminal threat actors and nation states are both increasingly targeting widely-used software vendors, leading to greater supply chain aggregation risk. More organizations are at risk via third parties than ever before, and the ability to identify supply chain risks has never been more important.
Not only are SPoF attacks becoming increasingly common, threat actors’ tactics are becoming smarter as they target companies’ vulnerabilities. This is made even easier as organizations are moving more of their infrastructure to the cloud, so threat actors are more easily able to attack critical cloud SPoF. In particular, attackers are crafting malware to specifically compromise key cloud assets, such as containers and virtual machines.
In 2022, there will be an increasing number of nation state cyber threat actors that are both advanced and persistent — known as advanced persistent threats (APTs). These attackers have the resources, skills and time to focus on their targets, and have been known to integrate cyber offense with broader national security agendas. Most enterprises will not have resources to deal with APTs.
APTs are aiming to compromise specific adversaries, as well as waging espionage and intelligence campaigns. With more APTs operating at the same time, the odds of significant conflicts erupting between these groups also grow, which could create collateral damage and disruption to businesses and governments alike. These conflicts have already been seen to create major downstream impacts as demonstrated by APT-led attacks on SolarWinds and MS Exchange in 2021.
Your clients or prospects may be more vulnerable to attacks from nation states, leading to greater losses, which is why it is key to be aware of these various risks and the goals of these threat actors.
While cyber attacks are on the rise across all businesses, four specific industries are likely to be more targeted in 2022. These include: healthcare, education, manufacturing and utilities.
Healthcare organizations have sensitive data that is valuable to threat actors. In particular, smaller healthcare organizations that have poor cyber resilience (including backup systems) are most at risk. Ransomware operators are likely to target hospitals that can least afford unplanned downtime.
Opportunistic RaaS affiliates will continue to take advantage of low levels of cyber maturity in education. Increased reliance on digital mediums for education will make schools more vulnerable to cyber attacks.
Businesses with low visibility into Operational Technology (OT) are at increased risk of experiencing an IT attack that impacts OT. The focus should be on locking down remote connectivity solutions (RDP, VPN, etc.) and credentials.
An increasing number of critical utilities (e.g. water, energy and transportation) could be targeted by advanced persistent threats (APTs). Criminals scanning the Internet for vulnerabilities will often accidentally find utilities and take advantage of these.
It’s worth noting that the smaller organizations within these industries are arguably more vulnerable, as they have fewer resources to protect themselves from cyber attacks. (Re)insurers must be prepared when considering what industries to underwrite and reinsure, as well as use cyber risk mitigation tactics to best avoid loss.
In 2022, (re)insurers must understand the constantly evolving threat landscape. Staying on top of cyber security trends will help ensure you are best prepared to make informed and strategic cyber risk decisions regarding your future prospects and clients.
(Re)insurers are better placed to make informed risk decisions with the help of an effective cyber risk modeling solution. At CyberCube, we understand that cyber security is a complicated topic and there are many variables to consider when providing cyber insurance coverage. Due to the complexity of cyber risk, our analytics solutions have a focus on data. We curate data from a wide variety of sources that allows us to provide a comprehensive view of cyber risk across different industry segments.
You can learn more about the analytics we offer and how it can help you better understand the cyber security trends of 2022 in our report — CyberCube’s Global Threat Briefing. It provides insights into the cyber threat landscape, its trends, actors and activities, which are produced as part of the CyberCube Concierge service. This service provides users of CyberCube technologies access to our experts who perform as an extension of their cyber teams, helping you better quantify, understand, and manage your cyber risk, no matter where you are in the insurance value chain.