Businesses are increasing their reliance on digital solutions to become more efficient and to gain new insight into consumer habits. But these digital solutions bring an increased risk of digital attacks.
What dangers are lurking in cyberspace, threatening your business and profits in the coming year?
The Cambridge Centre for Risk Studies (CRS) has gained a worldwide reputation for its innovative research in the analysis, understanding, and management of systemic risk. Each year the CRS publishes a Cyber Risk Outlook report detailing the current trends in cyber risk.
These are the biggest risks researchers from Cambridge CRS are warning about that could impact your business in 2020:
1. Increased Websites and Web Solutions Increase Cyber Risk
The number of devices being operated by businesses, and the number of commercial endpoints being connected to the internet, are growing at rates of around 12% annually, according to Cambridge researchers. The number of new, active websites is increasing at over 26% a year, and the volume of web traffic to commercial websites is typically seeing double-digit annual growth in many sectors.
Not only are many businesses taking their processes online, but many are also increasingly integrating their data flows and information systems into centralized enterprise resource planning suites and manufacturing information systems. While a centralized data solution is efficient for customers and companies alike, the end result is business activities that are more vulnerable to cyberattacks on IT systems.
2. Growth of E-Commerce and Reliance on Internet for Revenue
The exposure to cyber threat is growing most rapidly in the retail and commerce space, where new online business models are challenging traditional business processes. In the U.S., e-commerce sales exceeded half a trillion dollars in 2018, up 13% from 2017. E-commerce now represents 14 cents in every U.S. dollar spent in retail, almost triple its market share a decade ago.
According to Cambridge researchers, this increasing reliance of the economy on the internet increases the vulnerability of business processes to the disruption of the technology, connectivity, and interconnected supply chain of systems that facilitate it.
3. Attacks on Digital Supply Chains
Companies are increasingly digitizing their supply chains. The digitization of physical assets lengthens the supply chain attack surface, increasing the potential for a single attack to ripple across multiple industries.
Services and assets that were once held in-house are transitioning to digitally outsourced vendors. Information and operational technologies are expanding to more integrated online/offline mediums. Even traditional brick-and-mortar sectors are increasingly blurring the lines between their physical and digital assets: think connected vehicles in fleet management.
In a 2018 survey of 1,300 companies across the U.S., Canada, the U.K., Mexico, Australia, Germany, Japan, and Singapore, two-thirds of companies said they have been targeted with a supply chain attack costing an average of US$1.1 million per attack, and 34% of companies reported that their operations had been disrupted.
For U.S. companies, the average cost is $1.27 million per attack.
Though U.S. organizations averaged a 12-hour response time, attacks can take up to 63 hours to detect and remediate. For many companies, downtimes of this duration can lead to heavy losses and reputational damage.
Some industries are at greater risk than others:
Manufacturing typically experiences an unusually high volume of reconnaissance behavior, accounting for 46% of all cyberattacks in 2017. This suggests that attackers are mapping out manufacturing networks to locate critical assets.
Energy systems are particularly at risk because of their social and economic importance. The complexity of these systems increases the vulnerability of the energy supply chain to accidental and deliberate intervention, which in turn increases the vulnerability of all individuals and businesses relying on that supply of energy. This includes links to other industries such as agriculture, food production, and transport. This risk was demonstrated in April 2018, when four U.S. pipeline companies experienced a cyberattack-related shutdown, lasting several days, of the electronic systems they use for communicating with customers.
Software supply chain attacks are commonly seen with trojan apps and malicious code hidden in software updates. When a user downloads an application or update, they unknowingly download the malicious code as well. Most commercial antivirus applications will detect more common, generic intrusions.
Looking forward, the industrial robotics sector unlocks a broader attack surface. An industrial robot is an automated, programmable machine used in manufacturing. It is generally capable of movement on two or more axes, which means the function an individual robot performs is often quite simple, such as linear welding. The International Federation of Robotics reports that global robot installations are expected to increase by 15% on average per year from 2018 to 2020, representing over 1.7 million new industrial robots installed in factories around the world. These are highly vulnerable systems, with a large risk for attack.
Bonus Risk: TRITON, a New Breed of Destructive Malware
One of the most serious recent cases of physically destructive malware has been TRITON. Emerging in the last two weeks of 2017, TRITON is malware specifically designed to attack industrial control systems (ICS). TRITON is the first malware constructed to disable the safety systems within an industrial environment.
So far, TRITON has only surfaced in one target. In that deployment, a failure in TRITON’s code caused industrial operations to halt. The halt in operations alerted authorities. TRITON has also allegedly targeted a petrochemical facility located in Saudi Arabia. Several researchers have commented that the construction of TRITON requires an advanced skillset and intimate knowledge of industrial control and safety systems, which was confirmed with the realization that the malware was likely reverse-engineered. As TRITON illustrates, malware designed to cause disruption and possible destruction is evolving to higher levels of sophistication and effectiveness.
Protect Your Business Against Cyber Risks
Business owners can protect their businesses against these and other cyber risks with cyber liability insurance coverage. Cyber liability protection is designed to help your company recover and recoup losses resulting from a cyberattack. Cyber liability could help you notify clients if their personal information has been breached, cover you against financial losses from business interruption and lawsuits, and even help with reputation management after a breach.
The internet is constantly moving forward at an unstoppable speed, transforming the way you do business, interact with clients, make money, and operate. And that means your risks are constantly evolving, too. Let the business insurance professionals at Aegis Insurance Markets find the right coverage for your business, so you don't have to worry about these—or future—cyberattacks shutting you down.