Cybersecurity is paramount to preserving the financial integrity and consumer trust of insurance companies and the businesses and personal finances of policyholders. The 2024 Cybersecurity Benchmarking Survey by ACA Aponix and the National Society of Compliance Professionals (NSCP) asked compliance professionals what they perceive to be the top threats this year and found email phishing and ransomware top the list, as expected, but a growing threat to watch for is deepfakes.
Businesses must ensure they have strong cybersecurity measures in place and implement best practices to avoid financial damages and losing consumers’ trust. While large corporations are more apt to integrate cybersecurity into everyday interactions, smaller mom-and-pop businesses are not immune to cyberattacks and must also be prepared. One of the first steps in strengthening cybersecurity is using multi-factor authentication (MFA).
“The simple feature is MFA is in place as well as utilized,” says Dara Gibson, senior manager at Optiv. “Use that authenticator to make sure that you are validating who you are as you’re signing in.”
Businesses need to build cybersecurity training and awareness programs into their plans so employees recognize warning signs, know what to do when they get a phishing email, and don’t postpone software updates. The ACA and NSCP survey reports that 79% of compliance professionals are confident their firm can respond to a cyber breach quickly and effectively, but only 40% of their firms have tested their response plan, which suggests businesses are far more vulnerable to cybercriminals than they think.
“When we were kids, we always practiced fire drills at our school,” said Gibson. “You always know where to walk, how to move forward, and that’s the same thing businesses need to do today, is truly practice those tabletops … if you’ve actually practiced it, then you have that ingrained in your brain.”
1. Business email compromise and fraud
Business email compromise and fraud are rampant cyberthreats that 70% of surveyed compliance professionals recognize as a top concern in 2024, according to the ACA and NSCP survey. Gibson says threat actors bring on these threats through phishing emails. She recommends taking a close look at emails and evaluating the perceived urgency of the request because AI is making it easier and easier for phishing emails to look legitimate.
“It’s no longer just the King of Nigeria with misspellings or misappropriations,” said Gibson. “It’s truly a business organization, lots of business organizations… they’re very finesse in their movements and capabilities.” She shares that fraudsters can lift and copy entire websites, making them look almost identical, except for a slightly different header and website address.
Some questions business owners and employees should ask themselves include the following:
Pausing and asking those questions could mean the difference between a cyberattack and no security breach.
2. Ransomware
Financial losses from ransomware payments are soaring, and these data breaches continue to impose heavy burdens on large businesses, with the average price of a breach reaching new heights. The ACA and NSCP survey found that 67% of compliance professionals are concerned about ransomware attacks in 2024. Mitigating these financial losses requires cyber insurance and cybersecurity training for all employees to recognize warning signs.
“We’re seeing a huge influx of ransomware activity where they get attacked, and then the data is exfiltrated, and then a supplemental attack from another copycat organization may incur as well,” said Gibson.
3. Privacy threats to personal information
Respondents to the ACA and NSCP survey reported that privacy threats to personal information were another top concern, with 52% of compliance professionals saying it’s on their radar this year.
“From industry knowledge, the reason for the privacy claims is because people are becoming more alert to their privacy regulations, and they’re also understanding that when their data has been impacted, that the organizations have to follow through along with the privacy claims for the regulators to make sure that they’re covered and the regulations are actually qualified,” said Gibson of the results.
4. AI automation
Artificial intelligence (AI) has a dual role in cyberattacks, with both sides using the technology. Gibson says threat actors use AI to enact cyberattacks faster and more efficiently, and the technology helps phishing emails look more authentic. “The good guys, for all intents and purposes, they are also using AI for quicker response times, for containing the threat more efficiently, for utilizing the opportunity to eradicate or get rid of the threat actor,” said Gibson.
The ACA and NSCP survey found that 38% of respondents don’t see AI as a cybersecurity threat and 27% don’t think AI is relevant to cybersecurity, but 49% are exploring using AI as a cybersecurity tool.
5. Deepfakes
The 2024 Cybersecurity Benchmarking Survey by ACA Aponix and the National Society of Compliance Professionals (NSCP) asked respondents what their top concerns were for cyberthreats in 2024. Surprisingly, deepfakes were at the bottom of the list, with only 5% reporting it as a problem on their radar. However, Dara Gibson, senior manager at Optiv, says deepfakes are a huge and growing problem that has caused personal damage, especially with new technologies available.
“With the enhancement of AI moving forward, that’s where the treacherous movements can come into play because it truly is going to become a wonder of, is that real or is it fake? It’s coming to the stage now where it’s very hard to tell the difference,” said Gibson.
While deepfakes may not seem like a significant threat today, Gibson shares that they will impact tomorrow’s insurance claims.
Article Published By: propertycasualty360.com
Article Written By: Ashley Hattle-Cleminshaw