Total Security Advisor
Practical Security Tips, News & Advice.
Updated: Nov 30, 2022
Our latest Allianz risk report looks at today’s cyber risk landscape and the emerging threats posed by the growing reliance on cloud services, an evolving third-party liability landscape that means higher compensation and penalties, as well as the impact of a shortage of cybersecurity professionals.
We found that ransomware and phishing scams are as active as ever. Most companies will not be able to evade a cyber threat. However, it is clear that organizations with good cyber maturity are better equipped to deal with incidents. Even when they are attacked, losses are typically less severe due to established identification and response mechanisms.
Around the world, the frequency of ransomware attacks remains high, as do related claims costs. There were a record 623 million attacks in 2021, double that of 2020. Although frequency reduced by 23% globally during the first half of 2022, the year-to-date total still exceeds that of the full years of 2017, 2018, and 2019, while Europe saw attacks surge over this period. Ransomware is forecast to cause $30 billion in damages to organizations globally by 2023.
From an Allianz Global Corporate & Specialty (AGCS) perspective, the value of ransomware claims the company was involved in, together with other insurers, accounted for well over 50% of all cyber claims costs during 2020 and 2021.
The cost of ransomware attacks has increased as criminals have targeted larger companies, critical infrastructure and supply chains. Double and triple extortion attacks are now the norm—besides the encryption of systems, sensitive data is increasingly stolen and used as leverage for extortion demands to business partners, suppliers, or customers. Ransomware severity is likely to remain a key threat for businesses, fueled by the growing sophistication of gangs and rising inflation, which is reflected in the increased cost of IT and cybersecurity specialists.
Business email compromise (BEC) attacks continue to rise, facilitated by growing digitalization and availability of data, the shift to remote working and, increasingly, “deep fake” technology and virtual conferencing. BEC scams totaled $43 billion globally from 2016 to 2021, according to the FBI, with a 65% spike in scams between July 2019 and December 2021 alone. Attacks are becoming more sophisticated and targeted, with criminals now using virtual meeting platforms to trick employees into transferring funds or sharing sensitive information. Increasingly, these attacks are enabled by artificial intelligence that produces “deep fake” audio or videos that mimic senior executives.
The war in Ukraine and wider geopolitical tensions are a major factor reshaping the cyber threat landscape, as they increase the risk of espionage, sabotage, and destructive cyberattacks against companies with ties to Russia and Ukraine, as well as allies and those in neighboring countries. State-sponsored cyber acts could potentially target critical infrastructure, supply chains, or corporations.
Supply chain attacks—whether on critical infrastructure such as the Colonial Pipeline or on cloud services—have emerged as a significant risk. Increasingly, ransomware gangs use the threat of disruption to pressure firms into paying ransoms, with manufacturing companies particularly vulnerable.
Companies continue to shift their services and data storage to the cloud, despite growing concerns around security and risk aggregation. By relying on a small number of providers for cloud services or cybersecurity, society is creating large concentrations around a few single points of failure. It is a common misconception that the outsourcing or cloud vendor will assume full responsibility in the event of an incident.
A shortage of professionals is hindering efforts to improve cybersecurity. While there is growing awareness among boards, the number of unfilled cybersecurity jobs worldwide has grown 350% over the past eight years to 3.5 million, estimates show, meaning many companies struggle to hire, impacting their ability to improve their cybersecurity posture.
Today, companies’ cybersecurity resilience is scrutinized by far more stakeholder groups than in the past. Increasingly, cybersecurity considerations are incorporated into the ESG risk-analysis frameworks of data providers, who look into companies’ practices to evaluate their preparedness for cyber crime. Making sure a company’s cyber processes and policies are understood at the board level and that risk monitoring processes are in place has never been more important.
In response to a more complex risk environment and increasing cyber claims activity, the insurance industry is more diligently assessing companies’ cyber risk profiles in a bid to incentivize companies to improve their security and risk management controls.
The good news is that insurers are now having very different conversations on the quality of cyber risk with their insureds than a few years ago. Better insight helps insurers provide more value and offer useful information to customers, such as which controls are most effective or where to further improve risk management and response approaches. The net result should be fewer—or less significant—cyber events for companies and fewer claims for insurers.
Scott Sayce is Global Head of Cyber at corporate insurance carrier Allianz Global Corporate & Specialty and Group Head of the Cyber Centre of Competence. To read the full report, please visit here.
