The cyber mosquito

Looking at recent stories we’ve run on the topic of cyber risks, it’s clear that one theme emerges strongly: the fragility of not just companies but also nation states to targeted cyber-attacks. Whether its SolarWinds, Microsoft, Switzerland or the United Arab Emirates, no-one can deny the scale of the problem around cybersecurity risk.

Defences are sophisticated but then so are the hackers. They have realised that all it takes to cripple even the biggest of entities is to exploit their vulnerabilities. A poorly installed patch can be all that it takes to bring down a corporate behemoth- or even more worryingly, a number of corporate behemoths.

For the reality of cyberspace in 2021 is just how interconnected and inter-dependent so many businesses and government organisations are. All it takes is the mining of a specific weakness in the system and boom! The hackers are in and the damage can be severe and widespread.

Just look at the recent SolarWinds hack, which really got under the skin of corporate America because it exposed not just the fragility of business but also key government departments. There the hackers manged, like a tech-savvy mosquito, to enter into the corporate bloodstream by attaching their threat to a critical SolarWinds tool used by tens of thousands of customers.

This methodology then allows the ecosystem to transmit the risk into the many parts of the extended system. A brilliant and very effective method of exploiting the inherent weakness in the larger system.

Worried? You should be. COVID-19 has been the terrible wake-up call when it comes to systemic risks, but it’s clear from the growing scale and severity of interconnected cyber-attacks that cyber-related systemic risks are very much one of – if not the most – important emerging risks we need to tackle.

Help is at hand, and the market is very much alive to the issue. For example, risk managers, brokers and insurance carriers should be aware of the recently released Cyber Insurance Framework issued by the New York Department of Financial Services (NYDFS), which lays out formal strategies for measuring and managing cyber risks. It is a really sensible and pragmatic document and is well worth reading!

As, we hope, is our regular newsletter!

Enjoy the read,

Marcus Alcock,

Editor, Emerging Risks