Cyber threat trends for your insurance business

Cyber threat trends for your insurance business

The cyber threat landscape is ever-evolving, and the pandemic has demonstrated just how vital it is for insurance businesses to be on the pulse of the latest cyber threat trends.

From the increase in ransomware attacks to the massive SolarWinds hack, it’s clear that many organizations were not prepared for the surge in cyber threats. To ensure they are not left behind, insurance businesses need to be on top of the latest cyber threat trends.

I recently participated in a CyberCube webinar, discussing the cyber breaches that occurred in the last year and what we can learn from them. Jacob Palmer, Director of Consulting, also participated in the event in an interview with Yvette Essen, Head of Content & Communications. We discussed cyber threat trends (re)insurers need to know, as well as future predictions in the cyber threat landscape and how analytics can open up even more opportunities to assess cyber risk more accurately.

Let’s take a closer look at some of the points that were covered.

The increase in cyber threats

As mentioned, the increase in cyber attacks over the past year has been apparent. As organizations of all types and sizes shifted to remote work, cyber criminals could more easily breach businesses.

The global threat actor landscape

We already know that threat actors from all around the world have different motivations. A cyber attack can be a cyber criminal gang infiltrating an enterprise and holding their data for ransom, a nation state committing political espionage, or a teenager with a phone and a laptop.

It’s easy to make sweeping generalizations that Russia is more likely to be the threat actor behind political espionage while China commits more industrial espionage, but remember that motivations for threat actors vary. Cyber attacks happen from all over the globe, and it’s often more than one cyber gang or nation state joining forces. That’s why information sharing alliances, such as the “Five Eyes Alliance” between countries including the US, UK, Canada and New Zealand, are so critical.

As the threat actor landscape is constantly evolving, learning lessons from previous attacks to better understand future threats will be helpful for businesses going forward.

The SolarWinds attack

In 2020, a politically-motivated Russian actor group attempted to steal confidential information from government agencies and software firms by infiltrating a Single Point of Failure (SPoF) in a supply chain — in this case, SolarWinds. SolarWinds is a systems and network management application, which meant that when it was breached, up to 18,000 organizations were potentially affected.

While the hack wasn’t necessarily destructive in nature, the espionage aspect of the breach is concerning. Considering the sophistication of the attack, the potential for catastrophe losses is undeniable and it is clear that similar attacks will become more frequent in the future.

(Re)insurers must be prepared for any future attacks, especially when they could target SPoFs in a supply chain. These consequential attacks are here to stay and need to be considered when underwriting risk. Identifying SPoFs is key to mitigating that future risk (and CyberCube’s risk analytics solutions can help with this).

Colonial Pipeline attack

The Colonial Pipeline ransomware attack in May resulted in the company shutting down its entire pipeline operations. The attack itself targeted the IT system (not actually affecting the ICS systems that contol the pipeline). However, the business decided to shut down its other infrastructure operations systems to be safe, causing four-to-five days of significant downtime to its pipeline. This shows future attackers just how easy it is to cause business interruption (BI) — critical infrastructure such as industrial control systems do not necessarily have to be attacked to have a severe impact.

This attack created ripple effects that were hard to predict, and has highlighted just how vital it is to assess contingent business interruption (CBI) risk as well as accumulation risk for cyber attacks on SPoF. In line with best practices, a key line of defence for businesses in the future will be to segment IT assets, which (re)insurers need to consider when assessing cyber risk.

The Microsoft Exchange Attack

Microsoft Exchange is a big SPoF, making it the perfect target for Chinese state-sponsored threat actor Hafnium to gather confidential data and hold it to ransom. The potential fall-out from the Microsoft Exchange attacks demonstrates just how impactful such events can be. Once the attack was made public, other cyber criminal attackers saw the opportunity to take advantage of the company’s exposed vulnerabilities.

SPoFs must be taken seriously. There is no doubt that high profile SPOFs will continue to be targeted by criminal actors and businesses need to be mindful of reducing risk through better understanding of these SPOFs. Following best practices such as least-privilege access and Zero-Trust models is also essential to mitigating the risk.

Another big ransomware event was the Kaseya attack. Learn more about it here — The Kaseya ransomware “double-embedded” outbreak: what does it mean for (re)insurers?

The better (re)insurers can understand their own risks as well as their customers’ before underwriting, the better placed they are to accurately price risk and any premiums.

Future cyber threat predictions

The attacks of recent years have made it evident that cyber threats will continue to increase in severity and frequency. This is especially true when it comes to SPoFs, where supply chain risk accumulations can affect so many different businesses. (Re)insurers must be aware of all of these. Here are some of the major trends to keep an eye on in the coming years:


Ransomware is a hot topic in the cyber risk space, and for good reason. Ransomware attacks will mutate quickly, especially as attackers are preparing to hit bigger targets, meaning even more devastation.

There will continue to be a move from consumer-based attacks to laser-focused attacks on Fortune 500 companies and enterprises. Threat actors know that they can extort more money from larger businesses, so (re)insurers must consider this and underwrite risk accurately. In fact, double extortion is becoming even more popular — first, the attackers will extort you for encrypted data but keep a mirror copy, and then extort you to keep that confidential or sensitive data from being released.

The threat to the integrity of data is also increasing. Many companies cannot operate without their data, relying on its accuracy. When data has been held for ransom, businesses can’t guarantee that data hasn’t been altered, leading to increased BI losses.

Ransomware will not die down any time soon. The sophistication of these attacks is only getting better with more investment, mutations and advances in technology, such as artificial intelligence (AI) and machine learning powering ransomware attacks.

Learn more about enterprise ransomware attacks in our free report — Enterprise Ransomware: Assessing the future threat and what it means for (re)insurers.

AI and machine learning

AI and machine learning is currently a double-edged sword in the cyber threat landscape. It’s helping both cyber defenders and attackers. On one hand, the advances made in this technology is helping to prevent cyber attacks, while also making it easier for cyber criminals to infiltrate organizations.

AI and machine learning can help threat actors to introduce automation and scale up cyber attacks. Sophisticated machine learning algorithms can create more impactful, specific and targeted attacks. Facial recognition has even been used to target individuals with ransomware attacks, showing just how advanced this technology is becoming. Businesses must be prepared for these new kinds of attacks to debut over the coming years.

Massive accumulation events

Events with catastrophic scope are becoming more familiar. This shows that we are dancing on the edge of an accumulation event — it’s no longer a theoretical possibility, but a real concern.

Looking at the last six or so years, there is a trend of increased sophistication of attacks, more involvement from heavily-funded cartels and government agencies, and a spike in ransomware attacks. More destructive and costly attacks are inevitable and businesses need to be prepared for the worst hit.

Calls to action

So how can businesses better prepare for these upcoming threats? Let’s take a look at some critical actions to take.

  1. The first line of defense is no longer your firewall, but the individual employee.

    While technology is vital in dealing with risk, past attacks have shown that exposed vulnerabilities have often started with somebody doing the wrong thing — e.g. clicking the wrong link in an email or following a fake web link that infects a system. These attacks commonly rely on infiltrating a system via an employee, and it’s when we’ve seen the worst hits. Educating your employees and establishing a cybersecurity-minded culture is necessary to prevent this from happening.

  2. Work with your clients to consider SPoFs.

    Understanding the tolerances and dependencies that an organization has is critical, especially because this is where cyber criminals are focused too. This has been demonstrated over the last year with the SolarWinds and Microsoft Exchange attacks. (Re)insurers must understand the SPoF landscape that your clients represent. Assessing upcoming cyber risk accurately will be especially important here.

  3. Promote practices such as Multi-factor authentication (MFA), Least Privileged Access, Vulnerability Assessments & Phishing Simulation.

    These are just some of the best practices that you and your clients should be implementing throughout your organizations to mitigate future risk. For more information on what your business or clients could be doing better, contact us at CyberCube for expert advice.

  4. Events with catastrophic scope are becoming familiar.

    Larger cyber events are increasing in frequency, so preparation is key. Understanding past events and how they could affect your business and clients in the future can help mitigate risk, but you need the right cyber risk analytics. Analytics can help identify high-risk indicators for future events, as CyberCube’s single-risk underwriting solution, Account Manager, did for Colonial Pipeline prior to the attack. It’s clear then, that with the right cyber risk underwriting and risk accumulation modeling solutions in place, insurance businesses can better compete in both the new cyber threat landscape and the hardening insurance market.

The cyber threat landscape in 2021 and beyond

The cyber threat landscape is changing quickly, and understanding future trends and the actions you can take will aid in weathering any future storms ahead.

Prevention is critical, and using these past attacks to predict what’s to come in the future will be even more important, but the most vital component is using the right data and analytics to drive your (re)insurance decisions.

Created by a team of cyber experts, CyberCube’s solutions for (re)insurers deliver up-to-date and accurate data that can assess the future cyber threat landscape. After all, when done correctly, cyber modeling and risk assessment helps insurers make decisions with confidence in the long term.
Download Resource