Get over it – you will be hacked: confronting and preparing for the reality of cyberattacks
Frederik Soendergaard-Jensen, Co-Founder and CEO at Lifu Technologies, shares proactive measures organisations can take in the face of the unavoidable reality of cyber threats.
While cyber risk insurance plays an important role, a broader, multifaceted approach that includes robust cybersecurity measures, comprehensive business continuity planning, and adherence to recognised standards is required. By focusing on resilience and preparedness, organisations can mitigate the impact of cyberattacks and ensure their long-term viability.
The inevitability of cyberattacks is a stark reality in today’s digital landscape. With 3,205 reported data compromises in the US in 2023, representing a 72% increase over 2021,[1] businesses must acknowledge that cyber risk is on the rise. Compounding this issue, 60% of small businesses that suffer a cyberattack go out of business within six months.[2] Statista forecasts that the global cost of cybercrime will rise to $23.84 trillion by 2027, nearly trebling from $8.44 trillion in 2022.
Is cyber risk insurance a viable solution?
With the escalation in cyber threats, organisations might look to cyber risk insurance as a potential safeguard. However, the Veeam Insights Report 2024 highlights some concerning trends in this area:
- 73% of organisations experienced an increase in their premiums at the time of their last renewal.
- 44% saw their deductibles increase.
- 14% had their coverage benefits reduced.
Moreover, even with insurance, recovery is not guaranteed. One in three organisations could not recover their data even after paying the ransom. This raises questions about the effectiveness of cyber insurance as a standalone solution.
Interestingly, other reports suggest that cyber insurance rates are falling as businesses improve their security measures. This indicates a positive trend where enhanced cybersecurity practices are recognised and rewarded by insurance providers.
The threat of supply chain attacks
Supply chain attacks present a unique and growing challenge. Companies can implement robust cybersecurity measures internally, but they remain vulnerable to breaches through third-party suppliers and service providers. Recent incidents underscore this risk:
- Auto dealership outage: A cyberattack hamstrung car dealerships, disrupting operations for days.
- Banco Santander: The Spanish bank suffered a supply chain breach, resulting in the theft of staff and customer data.
- Cloud Nordic: A ransomware attack on this Danish cloud services provider led to the complete loss of client data, as backups were also compromised. This catastrophic failure forced several clients into bankruptcy.
The lesson here is clear: ensure that backups are maintained offline and in separate environments to mitigate the risk of complete data loss.
Business continuity and cyber resilience
Given the inevitability of cyberattacks, assessing a company’s business continuity preparedness becomes crucial. Companies must have the resources and strategies in place to recover from disruptions, making standards and frameworks like ISO 27001, ISO 22301, and NIS2 exceedingly important.
- ISO 27001: This international standard helps organisations manage information security by establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS).
- ISO 22301: This standard provides a framework for Business Continuity Management Systems (BCMS), ensuring that organisations can recover from disruptive incidents.
- NIS2: This European Union directive mandates cybersecurity requirements for critical infrastructure companies, ensuring adherence to necessary standards and regulations.
Strategic recommendations for trade finance institutions
Like other organisations, trade finance institutions must adopt proactive measures to confront the rising threat level in today’s digital environment. The following recommendations are intended to enhance the resilience and preparedness of these institutions.
Risk awareness and monitoring:
- Establish continuous monitoring systems to track cyber threats and vulnerabilities across sectors and regions.
- Invest in cybersecurity expertise to assess and understand the evolving landscape of cyber risks.
Enhanced due diligence:
- Develop comprehensive cyber risk assessment frameworks for counterparties, incorporating both qualitative and quantitative measures.
- Encourage or require counterparties to adhere to recognised cybersecurity standards and certifications.
Policy and coverage adaptation:
- Re-evaluate insurance products to explicitly address cyber risks, ensuring clarity on inclusions and exclusions.
- Consider offering specialised cyber risk insurance products or endorsements to existing policies.
Collaboration and information sharing:
- Foster collaboration with industry peers, regulatory bodies, and cybersecurity experts to share information and best practices.
- Participate in industry forums and initiatives focused on enhancing cyber resilience.
By integrating these strategies, trade finance institutions can better manage both the direct and indirect impacts of cyber risks, safeguarding their operations and those of their supply chains.