featured Corporate /en/research-insights/featured/cyber-risk content esgSubNav
Discover more about S&P Global’s offerings

  • Cyber Risk: The Other Virus Threat

    The rising number of cyberattacks during the pandemic, coupled with the additional security risks of remote work, has forced almost all organizations to speed up their digital transformation plans. New security technologies are coming to the forefront, as the latest defenses for corporate cybersecurity.

    Published: October 1, 2020

    • Watch a Summary

Listen and Subscribe to the Essential Podcast

Financial Cyber Crime

Cyberattacks rise in pandemic's 'perfect storm' — reminding banks of risks ahead

A rising number of cyberattacks aimed at the financial sector during the coronavirus pandemic has sent a warning to banks to improve their cybersecurity measures to protect themselves against future risks.

Attacks against the financial sector increased 238% globally from the beginning of February to the end of April, according to data by Carbon Black Inc., a unit of VMware Inc. that offers cybersecurity technology to financial institutions.

FinCEN leak is a 'wake-up call' for EU to address financial crime, MEP says

Leaked documents from the U.S. Financial Crimes Enforcement Network showing $2 trillion in suspicious transactions reported by global banks, including some of the largest institutions in Europe, are "a wake-up call" for EU authorities who need to take urgent action, EU parliamentarian Sven Giegold told a press conference.

Read the Full Article

Utilities

Cyber Risk Management For U.S. Municipal Utilities Should Be Routine And Requires Vigilance And Flexibility

S&P Global Ratings believes that cyber risk is an important factor to consider when evaluating credit and has become a key credit focus of risk management for many U.S. municipal utilities.

The threat to organizations and the credit impact could get worse before it gets better with the prevalence of cyber breaches and the growing sophistication of cyber criminals. Municipal water and wastewater utilities must develop cyber defense frameworks to prepare themselves for such incidents to ensure continuity of delivery, maintain clear communication with their customers, and have recovery plans in place.

Cyberattack uncovers shortfalls in natural gas pipeline security

A cyberattack on a natural gas compression facility highlighted longstanding concerns that some pipeline operators are not deploying best practices to foil hackers.

The U.S. Department of Homeland Security revealed the attack on an unnamed pipeline system in a Feb. 18 alert. The attackers gained access to information technology systems, infecting them with ransomware that jumped to operational technology systems, or OT systems, which control industrial systems in factories, plants and infrastructure.

Read the Full Article

Telehealth

Surge in Telehealth Usage Raises New Cyber Risk, Fraud Concerns – Experts

As telehealth usage has skyrocketed during the COVID-19 pandemic, cyberattacks, fraud and abuse have emerged as threats to its future growth. The U.S. Department of Health and Human Services temporarily relaxed regulations in March so that providers could reach out to patients more easily through services such as Apple Inc.'s FaceTime or Skype Inc.'s video conferencing platform.

Key Takeaways:

  • Between the second and third weeks of March, when the pandemic was accelerating in the U.S., searches on the dark web for telehealth company names and key words — like Teladoc Health Inc., Doctor on Demand Inc., Amwell and PlushCare Inc. — climbed 144%.
  • Telehealth companies saw a 117% surge in IP reputation security alerts caused by malware infections from phishing attempts or other cyberattacks, according to the report.
  • Meanwhile, the healthcare industry overall saw a 77% decrease in these same incidents, suggesting steps have been taken to reduce risk.

Insurance Opportunities

Cyber Risk In A New Era: Insurers Can Be Part Of The Solution

The COVID-19 pandemic is forcing almost all organizations to speed up their digital transformation priorities. This rapid transformation will inevitably increase systemic vulnerabilities to cyber attacks, leading S&P Global Ratings to expect the next decade to be the most important period of growth for the cyber insurance market.

Currently, commercial and private cyber insurance premiums total about $5 billion, and Ratings expects this to increase 20%-30% per year on average in the near future. As the market gains critical mass, providers should continue to build out their platforms and product offerings and focus on robust underwriting skills.

As Threats Grow, Cyber Insurance Seen as More of a Necessity

Businesses are treating cyber liability insurance as less of a luxury and more of a necessity as larger numbers of customers are drawn into the market and existing clients seek higher coverage limits, according to Advisen Ltd. surveys.

A global survey of risk managers and insurance buyers undertaken by Advisen and Zurich North America found that the take-up rate for cyber insurance continues to climb, with 78% of respondents having purchased such coverage.

Read the Full Article

COVID-19 crisis could be 'watershed' for cyber insurance, says Swiss Re exec

The coronavirus crisis could be a "watershed moment" that leads to mass take-up of cyber insurance, according to Swiss Re AG's head of cyber product management.

Read the Full Article

Insurance Risks

Ransomware spike threatening cyber insurers' profitability – Guy Carpenter exec

An increase in ransomware attacks has become an "exposure game changer" and is "materially threatening" the profitability of cyber insurance businesses, according to an executive at reinsurance broker Guy Carpenter & Co. LLC.

Erica Davis, leader of Guy Carpenter's North America cyber center of excellence, told journalists Sept. 10 that the Marsh & McLennan Cos. Inc.-owned reinsurance broker had modeled the cyber industry's loss ratio at 50.3% through 2018 on a premium-weighted average, but ransomware attacks have "ramped up" since then.

Growth of ransomware threat 'unsustainable' for cyber insurance industry

Ransomware attacks soared in the second half of 2019, and industry experts are concerned that the cost to insurers is growing at rates unsustainable for current policies. Businesses and organizations are more often being forced to pay hackers as they target operations that cannot suffer downtime from increasingly sophisticated attacks.

Read the Full Article

Future

SASE, ZTNA and XDR: Three Security Trends Catalyzed by the Impact of 2020

For years, we in information security have been talking about the need to consolidate a very fragmented collection of tools and technologies. Now, with larger trends driving change throughout IT, cybersecurity must adapt as well.

In this report, 451 Research, a part of S&P Global Market Intelligence, takes a summary look at three of these – secure access service edge (SASE), zero trust network access (ZTNA) and XDR (where the 'X' is a placeholder for the intersections of techniques that contribute to threat detection and response, reflected by some through adoption of the term 'eXtended' for the placeholder) – and how the unanticipated events of 2020 are shaping their adoption.

Key Takeaways:

  • SASE: Secure access service edge, or SASE (pronounced 'sassy') is not just one technology. It is a set of capabilities, many of which have long been familiar to the enterprise, made available as a service and accessible in principle from virtually anywhere.
  • ZTNA: Under zero trust network access, or ZTNA, the seeker must present sufficient evidence to make the case for an access decision – 'evidence-based' access control, if you will, rather than access predicated on simply trusting that simplistic conditions are enough.
  • XDR: The shift in network security architecture driven by long-term trends such as IT as a service, as well as near-term factors like COVID-19, is having an impact on yet another trend shaping up in infosec: the bringing together of technologies and practices in threat detection and response.