Quorum Cyber had the pleasure and privilege to participate in NetDiligence’s annual Cyber Risk Summit in Philadelphia from September 30th to October 2nd. As someone who is always keen to engage with peers across the Incident Response and Threat Management industry, I walked away from the event with a feeling of tangible excitement about our industry’s collaborative mindset, hard-won expertise, and forward-thinking about combatting the ‘unknown unknowns’ we’re all managing.
In her opening remarks, Lori Bailey, Head of Global Cyber & Technology at AXIS, discussed the legacy of ‘Maturity Moments’ in cyber insurance, and gave examples like NotPetya, the rise of ransomware during the pandemic, and most recently the July 19th global CrowdStrike incident. It seemed to me that these maturity moments are reflections of maturation across the broader cybersecurity and technology ecosystems.
In today’s digital world, we take for granted how reliant we are on modern systems’ deep interconnectedness, because it’s invisible when everything is working as intended. It’s usually only when things fail that the world gets a painful reminder that this interconnectedness carries risk.
Even the savviest people often don’t know exactly where and how the myriad systems we depend on are interconnected, how they interoperate, and ultimately what risks we are unknowingly accepting. The upshot here is that adversaries don’t necessarily have that blueprint either. But make no mistake, nation-state threat actors and cybercriminals alike know the points of interconnectedness and create avenues to deliver maximum impact to their targets.
Blurring lines in the cybercriminal world
As Niloofar Razi Howe, investor, entrepreneur, and board member, mentioned in her fireside chat during the Cyber Risk Summit, the lines between nation-state actors and cybercriminals continue to blur. It’s no surprise to our industry that the war in Ukraine has taken up the time of some Russia-based threat actors. This has created a vacuum which other organized cybercriminal groups, as well as nation-state adversaries not engaged in Ukraine, have stepped into.
But, while threat actor motivations and resources certainly do affect the tactics, techniques, and procedures (TTPs) they may leverage, the majority of incidents are not the result of a sophisticated novel chain of exploits. The economics of cybercrime direct threat actors to those activities which are most likely to return on the investment. But the investment needed to compromise the majority of the world’s organizations is still far too low – especially in the mid-market.
According to NetDiligence’s Cyber Claims Study 2024 report, of the 10,000+ claims analyzed, 98% came from small and medium sized enterprises (SMEs). The losses are staggering, with a $50 million ransom payment reported and another $40 million ransom paid by a mid-cap enterprise. Five claims were above $100 million, and of those, two were from organizations with less than $700 million in annual revenue. Without a great insurance partner, I struggle to think how any organization would be able to weather a loss like that.
Within SMEs, the most commonly impacted industries are:
- Professional services
- Healthcare
- Manufacturing
- Financial Services
- Retail.
These industries represent 50% of claims and 58% of losses. SMEs in these industries store sensitive data, manage complex operational environments, and heavily rely upon fragile third-party ecosystems. As evidenced by the claims data, they often lack the budgets, skills, and resources necessary to apply advanced cybersecurity techniques sufficient to address the threats which focus on them.
How can the cybersecurity industry make the most of AI?
Artificial intelligence (AI) was a prominent topic at NetDiligence, with discussions focusing on its applications in addressing cybersecurity challenges, potential threats to AI, large language models, and the ways threat actors might leverage AI for more efficient compromises. This theme continued at a Microsoft Security Discovery Day event in New York City, where Chief Information Security Officers (CISOs) and Security Operations teams explored how to effectively apply tools like CoPilot for Security and justify the necessary investments to achieve desired outcomes in cybersecurity. It was also discussed at Quorum Cyber’s event, AI in Cyber Security: Navigating the Future, in London in September.
Security Operations leaders expressed concerns about alert backlogs and the struggle to keep pace, hoping AI could automate much of the labor-intensive incident investigation process in Security Operations Centers (SOCs). Without such investments, teams risk falling behind, creating blind spots and opportunities for attackers. While AI won’t replace human decision-making, SMEs with limited staffing should consider using AI tools and partners to enhance their capabilities. The first step is understanding and governing the data they handle, underscored by recent large-scale data exposures like those involving Change Healthcare, Ticketmaster, and National Public Data, which highlight the critical need for robust data management and security practices.
Positive news in the cyber claims industry
One of the many positive takeaways from NetDiligence Cyber Risk Summit 2024 is that there has been a year-on-year decrease in both the number of cyber incident claims, as well as the average cost of those claims. The work that cyber product leaders are putting into underwriting seems to be having an effect, as it is pushing those underprepared organizations to implement the bare minimums like multi-factor authentication (MFA) and endpoint detection and response (EDR). Much work is still needed, but the wealth of pre-breach services available from legal providers and companies like Quorum Cyber will help.
I’d like to see more cyber product leaders at the carriers and brokers approaching insurance customers with the carrot of discounted premiums for adopting such services, as well as more vendors offering discounted services through their insurance partners. The big takeaway though is that it truly does take a community of specialists to handle the complexity and volume of cyber incidents we are all still dealing with. Thankfully, that community is full of some of the brightest individuals I know, and even amongst competitors there is a strong desire to help each other help good people win the fight.
Learn more about Quorum Cyber’s services
To learn more about how we can defend you from cyber-attacks, contact us today.
