Could your connected fridge be the newest cybercriminal recruit?

Could your connected fridge be the newest cybercriminal recruit? Last month saw the largest denial-of-service attack in history, which took down some of the world’s biggest websites, including AirBnB, Twitter, The New York Times and the BBC. Cybercriminals harnessed the internet of things (IoT) to carry out the attack, highlighting the vulnerability of the billions of connected devices around the world.

Recent attacks on Three Mobile, Tesco Bank, Yahoo, and TalkTalk prove that every company is a potential target, and should be a real wake up call to global business leaders. Whether you are a small, local business, or a multinational brand – the question isn’t “will you be attacked?”, because you probably have been already.

With vast networks of connected devices plugged into global digital infrastructure, and business value increasingly defined by intangible assets, this is a threat that knows no borders, time zones, or limits. In the insurance business, it is classed as one of the most complex and challenging man-made threats out there. 

I spend a lot of time meeting with executives and government officials right across the world. Over the last year I’ve heard how concerned the C-suite is with this fast-evolving threat. However, recent Lloyd’s research reveals that there are still worrying levels of complacency.

We spoke to nearly 350 senior business decision makers across a range of industries in Europe – including retail, healthcare and finance. Most of them said their companies had experienced a breach, but the majority felt confident they would not be targets in the future.  So while there is concern, it’s undermined by a false sense of security.

Let me give you a few other findings from the survey.

Retail: 90% of companies have suffered a data breach over the past five years, yet only 42% of businesses in this industry worry this may happen in the future.

Healthcare: 96% of healthcare and medical businesses have suffered a breach in the last five years, yet less than a third of these businesses worry about being targeted again in the future. The healthcare sector is increasingly attractive to cyber-criminals because it holds highly sensitive data.

Banking and finance: 87% of businesses have suffered an attack over the past five years but less than half fear this will happen again in the future. A recent report by Symantec highlighted the increasing sophistication and frequency of these attacks – so banks will remain top cyber-threat targets.  

But what will be enough to spur businesses into action?

Here are 5 things that the insurance industry can do to make it easier for businesses to understand and protect themselves from this fast moving threat:

1.      Partner with businesses to help them understand their exposure, and how they can mitigate and protect themselves from it. By analysing their assets and vulnerabilities, we can work with them to establish and implement their cyber risk strategies.

2.      Simplify the cyber insurance-buying process. While exposures can vary across different industries, establishing a more standardised approach to risk assessment would help eliminate duplicative underwriting evaluation by co-insurers. Insurers should also introduce common terminologies and definitions where possible, providing greater transparency and understanding of cyber coverage for insureds.

3.      Develop cyber insurance products as the risk evolves. Hackers are some of the savviest intruders of our time; as long as technology continues to evolve, so will an attacker’s methods of intrusion.

4.      Ensure we attract the brightest, most digitally savvy talent into our industry to ensure we have people that can deliver the best products and services.

5.      Build trust with the business community and prove that insurance plays a critical role in mitigating and protecting against cyber risk through fast claims payment, and clearly defined cyber policies – explicit in their coverage and exclusions.