Today, the Cambridge Centre for Risk Studies launches its 2019 Cyber Risk Outlook in partnership with RMS. The 2019 Outlook is the product of a full year of research and conversation with experts: an insightful look at the current cyber risk landscape and an assessment of those areas that pose the greatest threat to business, with a wary eye cast to the future.
Particular threats highlighted in this year’s Outlook include the rise in supply chain attacks and the work of state-backed threat actors, as well as the increasing costs these mediums impose on traditional cyber loss processes.
Though the digitisation of our society has been in the works for decades, the rate of adoption of new and vital technologies continues to increase exponentially. Companies grow more reliant on digital assets and connectivity each year, allowing new threats to emerge with the potential for catastrophic outcomes. The concept of a traditional supply chain has similarly carried into the digital space, and the breadth and complexity of these chains have increased the cyber attack surface and provided more digital links where failure, be it malicious or accidental, can occur. High-profile companies often have state-of-the-art, complex security systems, but security weaknesses in smaller suppliers can provide access to these same highly defended networks through a more effective means of compromise. Attackers are increasingly utilising these third- and fourth-party supply chain partners to access target networks, as occurred in the case of the 2013 Target data breach. This year’s report examines other notable recent supply chain attacks, including a WannaCry variant which affected the Taiwan Semiconductor Manufacturing Company, costing them a reported $170 million.
State-backed cyber criminals are also predicted to be influential in the cyber risk landscape in the coming years. The combined levels of education and financial backing associated with these actors threaten both public and private sectors. Commonly targeted areas for state-backed cyber criminals include intellectual property theft, corruption of supply chains and disruptive attacks. Often these types of attacks can lead to reputational ruin, economic loss through an inability to continue normal operations, regulatory fines, and clean-up and mitigation costs. Common state activity on the Internet consists of traditional and corporate espionage, intellectual property theft, and disruptive attacks. Nation states have also been responsible for systemic events that drive global disruption and loss, including the notorious WannaCry and NotPetya attacks in 2017.
With a great portion of company continuity now dependent on digital assets for revenue and operations, more aspects of a company are affected during a cyber event. This drives up the costs of such events due to greater business interruption, incident response costs, and regulatory fines. This past year the cost of a data breach rose by 6.4%, totalling $3.86 million globally.