Cyber risk is a major and fast-increasing threat to businesses with cyber-crime alone costing the global economy approximately $445 billion a year and reaching $108 billion annually in the U.S., according to a new report compiled by insurance firm Allianz Global Corporate & Specialty (AGCS).
“As recently as 15 years ago, cyber-attacks were fairly rudimentary and typically the work of hacktivists, but with increasing interconnectivity, globalization and the commercialization of cyber-crime, there has been an explosion in both frequency and severity of cyber-attacks,” said Chris Fischer Hirs, AGCS’s CEO, in a statement.
The U.S. transportation industry is right in the crosshairs of this trend, too, especially trucking, as many carriers continue rely on a “patchwork” of different information technology (IT) systems to conduct business electronically, noted Matt Foroughi, VP of information security for the Descartes Systems Group.
“Trucking companies face similar problems as the rest of industry,” he told Fleet Owner. “In particular, they may have many different legacy systems spread across a wide geography. Patching and staying up to date is essential. They should also be sure to use secure communication protocols when communicating with third parties.”
The value of data and the need to offer greater protection for it is also going to drive the cost of cyber-specific insurance policies higher, noted AGCS in its report, entitled A Guide to Cyber Risk: Managing The Impact of Increasing Interconnectivity.
The company noted that increasing awareness of cyber exposures as well as regulatory change will propel the future rapid growth of cyber insurance. With the premiums for cyber insurance projected to grow globally from $2 billion per annum today to over $20 billion over the next decade; a compound annual growth rate of over 20%.
“Growth in the U.S. is already underway as data protection regulations help focus minds, while legislative developments and increasing levels of liability will see growth accelerate in the rest of the world,” noted Paul Schiavone, regional head of financial lines in North America for AGCS.
“Previously, attention has largely been focused on the threat of corporate data breaches and privacy concerns,” he explained. “But the new generation of cyber risk is more complex [as] future threats will come from intellectual property theft, cyber extortion and the impact of business interruption following a cyber-attack or from operational or technical failure; a risk which is often underestimated.”
Schiavone believes within the next five to 10 years, “business interruption” will be seen as a key risk and a major element of the cyber insurance landscape, not only affecting IT computer systems, but also extending to industrial control systems (ICS) used by energy companies or robots used in manufacturing.
Increasing inter-connectivity of everyday devices and growing reliance on technology and real-time data at personal and corporate levels – often grouped under the moniker the “Internet of Things” – will create further vulnerabilities, he stressed.
“Some estimates suggest that a trillion devices could be connected by 2020, while it is also forecast that as many as 50 billion machines could be exchanging data daily,” he noted. “ICS are another area of concern as a number of these still in use today were designed before cyber security became a priority issue. An attack against an ICS could result in physical damage such as fire or explosion, as well as business interruption.”
Where trucking is concerned, Descartes’s Foroughi offers some IT security tips for trucking companies:
- Always run supported software, operating systems and hardware and apply patches in a timely manner with a tool that can automate the process and provide compliance reporting;
- Train your staff in security concepts;
- Run a centrally-managed antivirus program that updates signatures frequently and protect all Operating systems;
- Collect and correlate your log sources for global awareness is essential;
- Have frequent backups and disaster recovery plans;
- Scan your environment for vulnerabilities frequently, and remediate the findings.
He added that training in cyber-security protocols – and frequently updating that training – is essential.
“End users are on the front lines of cyber security threats [so] it is essential to convert your employees from being cyber security liabilities, to cyber security assets,” Foroughi explained. “This can extend to other parts of the organization include research and development, finance, and human resources. Well-trained employees are the ones who report security vulnerabilities to the IT security department.”