It looks like boom times for the cyber risk industry, but there’s a degree of uncertainty about what is actually covered by insurance policies…:
[…] Look a little deeper into these numbers, and you’ll also see that the “typical” target of malicious hackers – if such a thing can be said to exist – is changing. Just a few years ago, most cyber criminals were focused on breaching the defenses of large corporations who could afford to pay large ransoms for the return of their data. This led to an arms race between enterprises and (sometimes state-sponsored) criminals, with large corporations rapidly expanding their cybersecurity infrastructure.
For now, it seems that this has worked, but that’s bad news for smaller companies. With large companies putting in place sophisticated cybersecurity systems, malicious hackers have turned their attention to smaller, less well-protected companies. As Forbes recently reported, this means that mid-sized companies are under a greatly increased threat at a time when many lack the necessary security resources and expertise.
These changing tactics can be seen at work in a few different ways. Threats like the ever-popular ransomware, which can be particularly dangerous for mid-size companies, are on the rise. Likewise, the Covid-inspired work from home phenomenon has made the sometimes cobbled together support infrastructures into high-risk targets.
While the use of some defensive tools has risen to prominence in an attempt to stay ahead of attacks, the reality is that all the tools in the world don’t help much when employees don’t know the first thing about securing their home work environment against cybercriminals, leaving company IT teams to spend every day scrambling to put out a never-ending procession of security emergencies.