2017 may have been the year in which organizations began to fully understand that “cyber risk” means more than retail data breaches and 2018 for the cyber insurance industry will call for continued efforts to meet the expanding needs of their clients.
A key theme of 2017 included the exploitation by cybercriminals of known vulnerabilities to cause chaos, business disruption, and financial losses. Experts agree that the tactic is unlikely to end any time soon.
“They certainly made the news in 2017 and I think they’ll continue to make the news in 2018,” said Samit Shah, insurance solutions manager for BitSight Technologies. On the insurance side, he told Advisen, companies should be looking at the third parties their clients rely upon to develop a greater picture of risk from an underwriting and loss control perspective. This will assist insurers in understanding their cyber risk aggregation.
A recent TrendMicro report predicted that cyberattacks in 2018 would continue to harness software and system glitches to deploy ransomware, malware and launch denial-of-service attacks. This fact should impel both insurers and their clients to pay closer attention to simple fixes that can prevent disruption.
“Many devastating cyberattacks in 2017 leveraged known vulnerabilities that could have been prevented had they been patched beforehand,” Rik Ferguson, VP of security research for Trend Micro, said. “This trend will continue next year as corporate attack surfaces expand and expose more security holes. While this remains a challenge for enterprises, executives should prioritize vulnerability management as they make 2018 cybersecurity plans, particularly in the looming shadow of GDPR implementation.”