Covid-19 has made soft cyber targets even softer: RMS’ Thomas
The onset of Covid-19 has made soft cyber targets even softer at a time when the pandemic has already led to a spike in the number of cyber attacks taking place around the world, according to RMS’ Russell Thomas.
Thomas explained that as with other major events, such as a natural disaster, an assassination attempt or war, the pandemic has led to an increase in the number of cyber attacks.
“There’s always an uptick of cyber attacks that are tied to [events like those] in terms of phishing emails and other things,” Thomas, who serves as principal modeler – cyber risk for RMS, told The ReInsurer.
This increase in cyber attacks has come at a time when there has been a surge in the number of people working from home, which has again heightened the cyber risk, Thomas explained.
“Administrators are not used to managing remote workers, and they may not have the same security checks [in place],” he explained.
These heightened threats have arisen at the same time as the cyber risk landscape experiences some major structural changes.
The shift to cloud-provided services, software as a service and the trend of companies employing fewer or smaller in-house IT teams means that insurers’ potential exposure to cyber events has grown.
Whole industries and areas of the world are suffering economically, and that has led to cost cutting measures which can, in turn, introduce fragility to organisations.
“This is perhaps one of the most important longer-term trends,” said Thomas.
“[If you look at] the decline of retail in the US, the fragility of state and local governments [and] education organisations – the softer targets are getting softer due to [Covid-19].”
“The adversaries continue to innovate and it’s often a test and repeat and evolutionary process. They continue to probe and shift their tactics according to where the opportunities are, and the pace of innovation on the adversary side is just going to continue.”
Aggregation risk remains one of the key concerns to insurers. RMS is currently on the fourth generation of its solution to help insurers keep track of the risk on their books, and is soon to release a new update.
As Thomas explained, aggregation risk through cloud services service interruption, either through adversarial or accidental actions, is one of the greatest concerns, and RMS is working hard to develop solutions to support clients.
“For an insurer, this is something they probably have the least visibility on because they may not have a lot of claims history,” Thomas said.
RMS models the impact cloud outages could have on both a global and specific geography basis, as well as by provider.
“We also work with data partners to help identify which cloud services are used by which individual companies,” he said.
“That gives us a pretty fine grain resolution to help us understand under different loss scenarios which companies might get hit and therefore what the aggregation risk is associated with it.”