UK cyber experts are claiming the roll out of cyber insurance will be essential to the raising of cyber awareness in the face of staggering attacks from rogue states around the world which now significantly threaten computer systems and the adoption of AI.
According to Jake Moore, the Global Cybersecurity advisor for cyber security company Eset, the numbers are now staggering.
The grim picture of cyber crime
“Fifty percent of all crime is cyber-crime and fraud and that’s been roughly the statistic for the last five years. That’s huge crime, to have 50% in cyber-crime and fraud, then we’re talking massive numbers.”
Moore added that the attacks UK businesses were seeing were enormous: “We probably are talking in the trillions or more. Some companies tell me that they are constantly attacked in all shapes and forms. Phishing is the thing that’s quite visual but of course we’ve got bots hitting in the background that just automate the criminal’s business for them, with AI powering it and with the data that fuels it, these numbers are just going to continue.”
It’s a grim picture that has been graphically illustrated by the computer giant IBM, which released statistics last year pointing out that some 90% of businesses worth over £5,000,000 say that they’ve been hit. While the average cost of a cyber breach in 2022 according to IBM, was £3 million.
In what should be a wake-up call to the Government most businesses, organisations and educational establishments now wearily accept that suffering a cyber attack is the price of using internet technology in the 21st century and are now turning to the insurance industry for help.
Insurance the cost of being in the intelligence age
A situation that has led many in cyber insurance to suggest that insurance policies for internet enabled technology will be as ubiquitous as car insurance. Quite literally if you want to travel the information super-highway you will need to be insured.
Interviewed in the wake of the announcement of the hack on the Electoral Commission, which lost the records of 40m voters, AJ Thompson, the chief commercial officer of the information technology company Northdoor said it was a logical development.
“Well, I think the announcements yesterday and the day before and today are just a great example of issues that companies face. Which is they are responsible for something that is out of their hands, they know will cost them an awful lot of money and reputational damage. It’s like having car insurance. You can drive around without car insurance and it’s all fine until you have an accident because cyber-attacks cost an awful lot of money.”
Yet in this new world of online, remote working and AI where everyone expects to be breached the costs of insurance have begun to climb because for once the insurance industry has got its sums wrong. With the cost of an insurance premium for a small and medium sized business at around £15,000 year and the likelihood of an attack at around 90% with average losses of £3m without raising prices and implementing the equivalent of anti-cybercrime MOTs the insurance industry has had to abruptly reevaluate the sector.
Driving cyber crime counter measures
As a result, cyber insurance premiums are not only dramatically rising the cyber-insurers are setting out strict criteria for insurance applying differing premiums for different high-risk areas like finance, defence, education, and health and in the process inadvertently driving up standards.
A process outlined by Peter Bowers. Chief Operating Officer of cyber security and insurance consultancy NormCyber.
“Last year a lot of customers tried to get their cyber insurance renewed but didn’t have any controls in place. There’s a lot of organisations like that who were told no controls no insurance.”
A situation that because of the dynamic nature of cyber crime, to the dismay of the customers, means insurance requirements are now continually changing Bowers added.
“With six months to go we are seeing people begin to renegotiate renewals on their premiums being told the goal post has moved slightly. You now need to do this or you need to step up a little bit more and put these controls in place because we’ve seen that what we asked for last time has now changed because the cyber-crime trends are changing.”
The double pronged threat of AI
It’s a picture that the cyber insurance industry expects to only get worse due to the rapid adoption of AI by both businesses and the criminals. With businesses increasing their exposure by using untested technology in a bid to stay competitive and the criminals using the technology to automate their attacks.
It also increases the financial exposure to businesses due to the potential cost of an attack that may lead to poorly protected infected databases automatically proliferating and polluting other systems leading to demands for damages.
Something that Mark Hughes, the President of Security, for DXC, a global multi-national that provides cloud services and cyber security to companies, and is also one of the sponsors of Scuderia Ferrari and Man Utd, says will be a hugely significant issue. Maintaining the integrity of databases in the AI age will be a top priority because companies are not only sharing their own data they are also scrapping data from the internet to create their AI training datasets.
The price of data pollution
“Maliciously motivated people tamper with information to produce undesirable outcomes. We have to find the balance of having truly large massive data sets taken straight from the Internet to inform the types of AI tools versus having more closed groups and closed data sets.
“I see many different organisations being impacted by malicious activities, small and huge, all the way through the spectrum and the bottom line is that they really need to just concentrate on the very basic things.
“I would urge them all to just check the basic things are in place, and I don’t want to be overly technical, but passwords, password sharing, multi factor authentication. All those things are really important. If you think that you might be impacted by something, can you recover? Can you back up? If you do spot something strange, can you respond and react to it? So those are really basic things that I think everyone can get right.”
Solving a dangerous crash
Terrifyingly, due to the appalling crime figures, the position now being taken by the insurance industry is to sell damage limitation, according to Bryan Banbury, the CEO of Russell Scanlan, a regional insurance company in Nottingham.
“To me, it’s all about the recovery and the service that you get when you get a breach or some kind of ransomware. Around eight years ago the insurers started to really deliver services. You find yourself locked down by ransomware, or you’ve had a breach or an issue with your network, or you think there’s been a breach. You can now phone the helpline and insurers have got experts ready to go to help you. I’d say every policy that we’ve arranged will have that service. It’s absolutely key that you have somebody that can talk you through it,” said Banbury, who underlined that computer systems are now one of the most essential components for an organisation in the 21st century.
“Most businesses rely on their computer network. Even if you just use it for emails and you can’t communicate with your customers or your suppliers because your network’s down and you’ve been locked out that’s going to have a knock-on effect on your business. If you use your network, and you have important software on it and you’re selling online and you can’t sell online anymore because of that, that’s obviously a big issue. If you use software for design work and you can’t get that design work finished or you lose all the work you’ve done. You’ve got to start contracts again. So, it really depends on what you do.”
A point not lost on an insurance industry that has rapidly entered the information age and in an interesting paradox that is now driving improving cyber security standards.
ESET and Lester Aldridge panel discussion
Future Intelligence has been asked to take part in an event organised by Eset and the leading law firm Lester Aldridge designed to highlight the crucial role that cyber insurance will play in the effective deployment of AI technology in the intelligence age in Bournemouth on October 20th 2023.
To book tickets please click on ESET and Lester Aldridge – Insuring the future
🗓️ 20th October 2023
🕑 14:00-17:00
📍 The Nici, Bournemouth
