Smart technology, artificial intelligence and trading in non-fungible things: developments in the cyber world continue to unfold with implications we don't even fully understand yet. To explain the risks to business security, cyber experts Robyn Adcock, Gallagher National Placement Manager for Cyber and Technology Risks and Michael Bruemmer, Experian Head of Global Data Breach Resolution, examined some of the leading trends in cyber threats in a recent webinar.
In review, 2023 was an active year for cyber criminals, with Australian individuals and organisations reporting nearly 23% more attacks than 2022, according to the Australian Signals Directorate1.
It was also the year of the third party breach and attacks on cloud storage. Data theft extortion-motivated events increased, with the cyber criminals responsible for 44% of global business ransomware incidents both demanding a ransom and also leaking the data. The impact of attacks on managed service providers (MSP) are magnified when MSPs work with multiple clients.
The Federal Government responded to increased cyber threats by initiating development of an Australian Cybersecurity Strategy with specific reference to critical infrastructure, small businesses and privacy reform. Proposals include bringing the timing required to report breaches into line with international privacy laws (the European General Data Protection Regulation allows a 72 hour window).
Below are the four of some of the predicted emerging issues of concern to businesses in Australia and globally, as identified in the Experian 2024 Data Breach Industry Forecast2.
Once they have hacked into a targeted system increasingly cyber criminals maintain a watching brief to discover how they can best manipulate data to serve their objectives. Some of these actions take the form of small adjustments to large amounts of data, such as tampering with stock bond yields, currency exchange rates or GPS coordinates.
Hackers exploited a European airline through disruptions to flight scheduling that cost over $150 million in damage.
In order to cover loss expenses, insurers will require policyholders provide proof of data being manipulated, usually with evidence from a forensic investigation. When reviewing cyber insurance terms check reporting requirements within policies to understand the definitions and conditions that apply.
Australia is the source of a number of rare earth minerals for use in modern technologies such as electric vehicles, micro grids and solar panels, in competition with China which has about 70% of the world's rare earth reserves.
In 2023 the county's largest producer of molybdenum was hacked with the intention of disrupting supply flow. This has serious implications for suppliers but also for the industries that depend on these materials.
It's become crucial to focus on vendor management programs. With reliance on third parties to deliver efficiencies, businesses need to ensure their level of security compliance is as strong as yours. Where you have high reliance on a third party for their service or products you may need to coordinate a collaborative cyber incident response.
Indications in 2023 showed that criminal entities such as Cabal, Lazarus, Magecart and Evil Corp have been seen collaborating on the dark web, splitting up the actions and aspects of infiltrating and exploiting target business victims between themselves.
Businesses may gather industry intelligence on organised cyber crime attacks from their own sector, and government sites such as the Australian Signals Directory (ASD) and the Australian Cyber Security Centre (ACSC) provide up to date threat information and regularly post about this on LinkedIn.
In terms of risk management, organisations with high levels of incident response planning and testing save significant amounts on premiums and are often able to respond to an attack quickly and effectively because they already know their roles and responsibilities and who to engage to assist them.
Our experience indicates prepared businesses have fewer breaches and achieve around 30% cost savings in the event of a breach.
As legal requirements and regulations about cyber security breaches and data compromise reporting and transparency are tightening both overseas and in Australia, cyber criminals are leveraging timing around business sales and acquisitions or financial reports in their ransomware demands.
They are observing business activities for when vulnerabilities may open up and when they can strike to obtain maximum advantage.
Businesses can expect increased regulator and insurer interest in data loss prevention. The need for the retention of data will be a focus of the Office of the Australian Information Commissioner when investigating the impact of data breaches. Risk management will likely require privacy impact assessments and the implementation of strong access controls.
As most business liability policies exclude cover for cyber liability, business owners should consider a separate cyber insurance policy that covers your risk exposures and includes contingent costs such as business interruption, legal expenses and data recovery.
Gallagher caters to businesses of all sizes and types, across multiple industry sectors, in accessing appropriate scope and levels of cover for cyber exposures.
In addition to cyber insurance protection and advice, Gallagher offers expertise, advice and resources for building business resilience to withstand cyber security incidents.
Find out more about these threats as well as interconnectivity — the weakest link, and India — the new nation state threat actor.
1Australian Signals Directorate Releases 2023 ASD Cyber Threat Report, 15 Nov 2023.
2Experian 2024 Data Breach Industry Forecast, accessed 18 Mar 2024.
3The Mandarin, Why Minerals and Rare Earths are Critical for Australia's Future, 6 Nov 2023.
Gallagher provides insurance, risk management and benefits consulting services for clients in response to both known and unknown risk exposures. When providing analysis and recommendations regarding potential insurance coverage, potential claims and/or operational strategy in response to national emergencies (including health crises), we do so from an insurance and/or risk management perspective, and offer broad information about risk mitigation, loss control strategy and potential claim exposures. We have prepared this commentary and other news alerts for general information purposes only and the material is not intended to be, nor should it be interpreted as, legal or client-specific risk management advice. General insurance descriptions contained herein do not include complete insurance policy definitions, terms and/or conditions, and should not be relied on for coverage interpretation. The information may not include current governmental or insurance developments, is provided without knowledge of the individual recipient's industry or specific business or coverage circumstances, and in no way reflects or promises to provide insurance coverage outcomes that only insurance carriers' control.
Gallagher publications may contain links to non-Gallagher websites that are created and controlled by other organisations. We claim no responsibility for the content of any linked website, or any link contained therein. The inclusion of any link does not imply endorsement by Gallagher, as we have no responsibility for information referenced in material owned and controlled by other parties. Gallagher strongly encourages you to review any separate terms of use and privacy policies governing use of these third party websites and resources.
Insurance brokerage and related services to be provided by Arthur J. Gallagher & Co (Aus) Limited (ABN 34 005 543 920). Australian Financial Services License (AFSL) No. 238312
