Ransomware costs to reach $20 billion in 2021

Cyber risk is increasingly a balancing act between risk and opportunity, according to Aon’s annual cyber report. It concentrates on four key risks that are critical today: Navigate new exposures, Know your partners, Concentrate on controls and Perfect the basics. 

Only 40% of organisations report having adequate remote work strategies to manage the risks associated with WFH. 

”As part of an enterprise-wide approach, it is essential to identify the cyber risks and threats; mitigate risks as appropriate through best cyber security practices; prepare and be ready for incidents; and consider which part of the risk to transfer off the balance sheet through insurance, and then scrutinise current and available policies to ensure new risks are covered,” it states.

Meanwhile, just 21% of firms report having baseline measures in place to oversee critical suppliers and vendors. The report highlights last year’s SolarWinds hack, noting that it takes just one undefended back door to compromise business viability.

“Managing third-party risk truly demands a continuous assurance model, with ongoing cyber scanning and threat hunting, for example via red teaming. Organisations must also become prepared to respond, and are tasked with choosing the right incident response vendor.”

Less than a third (31%) report having adequate business resilience measures in place to deal with ransomware threats and a slightly higher proportion (36%) report having adequate levels of data security preparedness.

This is particularly alarming given the rapid rise in ransomware attacks, which are becoming more targeted, with ransom amounts increasing substantially in recent years.

“Business costs associated with ransomware are expected to reach USD 20 billion in 2021,” according to the report. “Ransomware is no longer confined to the simple model of ‘pay to decrypt’, and data may be extorted, breached, or even erased. Business interruption is highly likely.”

It recommends taking steps to reduce your firm’s exposure footprint, and minimise the impact of data exfiltration and that firms only retain qualified cyber security professionals to identify vulnerabilities, establish business continuity plans, and assist with breach response.

Construction and manufacturing lag behind

Each industry has been given a scoring based on their risk maturity. The construction and manufacturing sectors are currently trailing behind other industries in terms of cyber risk preparedness, according to the scoring.

The study found that 60% of manufacturers do not implement two-factor authentication, a critical additional security layer. Perhaps most surprisingly, manufacturers fall below the cross-industry average for both incident response and business continuity readiness.

The report closes with a discussion on emerging risk. It identifies artificial intelligence, alternative payments, retirement plans. the technology supply chain and the Dark Web as at the forefront of evolving cyber exposures.