As cyber attacks grow in volume and scale, companies will be compelled to address cybersecurity risk holistically by integrating it more aggressively into their enterprise risk management (ERM), said Aon's latest 2018 Cybersecurity Predictions report.
In 2017, cyber attacks observed included phishing attacks that influenced political campaigns, ransomware cryptoworms that infiltrated operating systems on a global scale and a proliferation of distributed denial-of-service (DDoS) attacks on IoT devices, crippling their functionality, noted Aon Cyber Solutions CEO Jason J. Hogg.
“In 2018, we anticipate heightened cyber exposure due to a convergence of three trends: first, companies’ increasing reliance on technology; second, regulators’ intensified focus on protecting consumer data; and third, the rising value of non-physical assets,” he said.
The report looks at the ways in which companies having to accept more liability and accountability over cyber attacks will lead to significant changes in the corporate landscape. Highlights include:
- Businesses adopt standalone cyber insurance policies as boards and executives wake up to cyber liability.
- As the physical and cyber worlds collide, chief risk officers take centre stage to manage cyber as an enterprise risk.
- Regulatory spotlight widens and becomes more complex, provoking calls for harmonisation. EU holds global companies to account over GDPR violation; Big Data aggregators come under scrutiny in the US.
- Criminals look to attack businesses embracing the Internet of Things, in particular targeting a small to mid-sized company providing services to global organisations.
- As passwords continue to be hacked, and attackers circumvent physical biometrics, multi-factor authentication becomes more important than ever before.
- Criminals will target transactions that use reward points as currency, spurring mainstream adoption of bug bounty programmes.
- Ransomware attackers get targeted; cryptocurrencies help ransomware industry flourish.
- Insider risks plague organisations as they underestimate their severe vulnerability and liability while major attacks fly under the radar.