Cyber ‘a top one or two’ risk for most businesses: CFC’s Burns

Cyber is now a “top one or two” risk exposure for most businesses, James Burns, CFC Underwiting’s head of cyber, said yesterday. 

“Look at what’s happened over the course of the 24 months,” he told speakers today. “It feels unprecedented - the nature of the threat environment has not just shifted but transformed in a really really short space of time.”

In Sophos' State of Ransomware report for 2022, the company found that 66% of surveyed organizations were hit with ransomware in 2021, up from 37% in 2020. Cyber rates have soared as a consequence.

Amid rising demand, Guy Carpenter estimates that cyber premiums will hit $20 billion globally by 2025, up from $10 billion last year.

However, dire warnings that Russia’s invasion of Ukraine, which began in February, would lead to a dramatic worsening of the risk environment have not come to pass. 

Tom Bennett, team leader of cyber threat analysis at CFC, explained that hackers in Russia may be focusing on Ukraine specifically rather than gunning for their more traditional targets in the West.

“Whether it means there is less crime elsewhere or more crime elsewhere is very hard to unpick because at any given time the factors that lead to whether a crime was committed or not are so complicated, you could never unpick them,” he explained. “But it’s probably had a small role in [the sense of] a small drop in activity in the UK, US and Canada.”

Bennett pointed to internal disagreements within the Conti group, one of the most notorious ransomware gangs of recent years, as a potential distraction for the criminals.

The gang trumpeted its support for Russia at the outset of the war, but was promptly humiliated by a series of leaks from a disgruntled member unhappy with the war.

However, few experts believe that the current lull in attacks against the traditional targets of cyber criminals will last much longer.