Allianz Commercial head weighs in on the risk panorama
Generative synthetic intelligence (AI), the resurgence of ransomware, an evolving regulatory surroundings, and a heated election yr within the US are driving shifts within the cyber threat panorama for North American companies this yr.
That’s as cyber incidents remained probably the most important world threat for the third yr in a row, in line with the 2024 Allianz Risk Barometer.
Cyber occasions are the highest peril in 17 nations, together with the US, and the second-biggest threat in Canada. Business leaders polled by Allianz have been most involved about information breaches (59%), assaults on essential infrastructure and bodily property (53%), and ransomware (53%).
“Unfortunately, I’m not surprised to see that cyber is still the highest risk on the list,” mentioned Tresa Stephens (pictured), Allianz Commercial North America head of cyber. “It’s [no surprise] given how rapidly these cyber exposures preserve shifting alongside rising developments in expertise, like AI, and the regulatory panorama that should evolve to maintain tempo with how a lot we make the most of expertise and the brand new methods we use it.
“On top of that, cyber events are driven by threat actors with financial and political motives. So, in a tough economy or a challenging geopolitical or socio-political environment, you’ll see more individuals incentivized to participate in criminal activity online.”
‘Cat-and-mouse games’ – will ransomware surge proceed in 2024?
The resurgence of ransomware assaults in 2023 helped stoke worries for US and Canadian organizations. Insurance claims exercise linked to ransomware was up greater than 50% final yr in contrast with 2022, in line with Allianz.
“Broadly speaking, I don’t think it’s likely to go away anytime soon. But we did see peaks and troughs over the last couple of years in ransomware activity,” Stephens mentioned.
According to Stephens, a number of components affect the “waxing or waning periods” for ransomware exercise. One is that as organizations bolster their cyber defences and put money into improved cybersecurity, risk actors pivot to different assault modes.
“There’s a period where [businesses] catch up to the tactics, so threat actors come up with new methodology… by which they’re going to infiltrate businesses’ computer systems,” she mentioned. “So, if ransomware isn’t as effective today, they might switch to business email compromise, and you’ll see an increase in that threat vector. But it’s this cat-and-mouse game that keeps going back and forth.”
Sociopolitical tensions within the run-up to the US presidential elections are additionally a significant crimson flag for cyber underwriters, in line with Stephens.
“I think I speak on behalf of most cyber underwriters when I say that during election years, we don’t sleep as well,” she advised Insurance Business. “It’s hard to determine right now because we’ve had election years where there was very little cyber-related activity. But some threat actors are motivated by sociopolitical means, so there’s always a chance that you might see an uptick in events related to or around an election year.”
Generative AI’s affect on the cyber risk panorama
The rise of generative AI expertise has additionally empowered cyber risk actors to be nimbler of their assaults.
Stephens warned that ChatGPT and different massive language fashions will be highly effective instruments for exploiting human error for monetary acquire.
“We sometimes quite easily fall prey to the right words in the right order, and generative AI has enabled threat actors to propagate more impactful phishing campaigns on a mass scale and facilitate the generation of more effective malicious code,” Stephens mentioned. “There are many ways in which [generative AI] ramps up the stakes. Threat actors can do it faster, more effectively, and more cost-effectively, too, which is a big variable.”
To defend themselves towards AI-powered cyber assaults, companies ought to familiarize their workforce with the risk. Security consciousness coaching to handle developed assaults is essential; likewise, organizations can put money into AI and machine learning-based instruments to fend off risk actors’ advances.
“It’s impossible to defend against an enemy you don’t know or recognize,” mentioned Stephens.
The cyber chief additionally emphasised that organizations can “fight fire with fire” by leveraging AI instruments towards AI threats.
“AI is generally useful for tasks like pattern recognition, which makes it well suited for tasks like identifying malicious links,” Stephens mentioned.
“The applications and toolsets enabling these threat actors to go after a business are the same ones a business can readily employ to prevent the attack. Going forward, I think we will see more focus on using these tools to protect businesses.”
Do you could have one thing to say about cyber threat developments in North America? Please share your ideas within the feedback.
Related Stories
Keep up with the newest information and occasions
Join our mailing checklist, it’s free!
