Cybersecurity and insurance: Artificial Intelligence strongly increases cyber risks

Organizations around the world have been facing for years the growing threat of cyber attacks. As technology evolves exponentially, it also changes the Scope and impact of cyber risksincluding those related to Artificial Intelligence (AI). This significantly increases the challenge for companies to identify and mitigate these risks, and protect their development possibilities.

The consultant Marsh shared some results from its most recent report, Cyber ​​Risk Management Study in the Financial Sector in Latin America 2023, where it is shown that more than 86% of companies in the financial sector of the region considers that malware attacks (including ransomware) will increase in the coming years, and 70% of those surveyed maintain that those related to the abuse of emerging technologies will increase, mainly AI.

Cyber ​​attacks on the rise

Beyond the financial sector, and according to Marsh’s First Risk Study for National and Family-owned Latin American Companies 2023, the Cyberattacks are the second most worrying risk to the respondents. According to the State of Cyber ​​Resilience 2022 report carried out together with Microsoft, the 73% of organizations globally have already been victims of a cyber attack.

“Cyber ​​risk is one of the most critical risks for most organizations. Successfully countering cyber threats must be a primary objective in business strategy. The key is to view cyber risk as an organization-wide resilience opportunity. Instead of making independent investments in cyber defense, we must address and minimize such a complex risk in a comprehensive manner,” commented Edson Villar, Cyber ​​Risk Consulting Leader at Marsh for Latin America.

Cybersecurity and the importance of insurance

According to the People Risks study, cybersecurity and data privacy were classified as the main risk for the second consecutive year. Only one in three respondents (35%) believe they have adequate staff to manage the risks of accelerated digitalization, while just under half (48%) believe they have cybersecurity policies, controls and support systems in place effective, such as multi-factor systems, authentication, vendor management or data encryption, in place.

While many organizations have business continuity and disaster recovery plans, The impact that a cyber attack can have is underestimated a general level. In Latin America, there have already been cases of cyber attacks with losses exceeding US$50 million. “In addition, let us not forget that, depending on the sector of activity, a cyber attack on a company can put the most critical infrastructures of a country at risk,” said Villar.

“Mitigation is a ‘must‘, but It is increasingly critical to have risk transfer alternatives, such as insurance. “Latin America is a market still developing, but in constant growth, which is undoubtedly very good news for the protection of companies in our region,” he commented. Paula Ordoñez, FINPRO Leader for Marsh Latin America and the Caribbean.

Trends in cyber risks

• Sophisticated ransomware: In 2020 alone, Ransomware attacks increased by 435%, and cybercriminals are currently developing ransomware variants that are increasingly sophisticated and stealthy. These can paralyze business operations and cause significant financial damage.
• Cloud-targeted attacks: Organizations must be prepared to address specific attacks targeting systems and data stored in the cloud, requiring a comprehensive security approach that includes strong authentication, encryption, and constant monitoring.
• Threats to IoT devices: Targeted attacks on IoT (Internet of Things) devices can have devastating consequences, as these devices often lack adequate security measures. This year, an increase in attacks targeting smart homes, smart cities, and IoT-based industrial systems is expected.
• Advanced social engineering: 95% of cybersecurity problems are due to human error and attackers know this, as they use more advanced social engineering techniques to deceive employees and gain access to sensitive systems and data.
• Threats to Artificial Intelligence (AI): Cybercriminals are developing techniques to attack and manipulate AI systems, which could have significant consequences in areas such as automated decision-making, threat detection, and data privacy. Similarly, criminals are also using AI to boost their attacks, as in the case of what is known as “deepfake”.

What companies should do to protect cybersecurity and data privacy

Given these trends in cyber risks, Organizations must take a proactive approach to protect yourself. Some key measures include:

• Regularly train employees about best security practices, how to recognize and avoid social engineering attacks, as well as understanding your role in the event of a cyber crisis.
• Implement robust security solutions, such as firewalls, advanced malware detection and prevention systems, and cloud security solutions.
• Keep systems and software up to date with the latest security patches.
• To establish a cyber incident response plan and conduct drills to be prepared in case of an attack.
• Define and periodically test a Business Continuity Plan, Crisis Management Plan and Disaster Recovery Planconsidering cyber threat scenarios.
• Transferring risk through cyber risk insurance will reduce the materialized impacts of companies.
• When Companies have cyber risk insurancemuch of the success of this quick response lies in the claim process accompanied by a specialized team.

“Together, we have the power to shape the future and ensure our digital world remains safe, trustworthy and inclusive. When companies have cyber insurance, the rapid response capacity lies in the claims process accompanied by a specialized team,” Villar concluded.