Aon plc has published its 2023 Cyber Resilience Report, showing that major cyber incidents on average resulted in a nine per cent decrease in shareholder value for affected companies in the year following such events.
Released August 1, the report looks at cyber risk, operational risk, insider risk and systemic risks. They say insurance claims are rising against this backdrop, with a 38 per cent increase in ransomware claims between the fourth quarter of 2022 and the first quarter in 2023.
“The report serves as a guide to help business leaders benchmark their organization’s cyber risk maturity against peers and make better decisions when managing cyber across six risk areas: cyber, operational, supply chain, insider, reputational and systemic,” they write.
Aon’s global cyber leader, Christian Hoffman says “companies have experienced new forms of volatility over the last four years, experiencing a rise in the frequency and severity of cyber threats and ransomware events, followed by a cyber insurance market with rising premiums and retentions and significant underwriting scrutiny.”
He adds that C-suite executives are increasingly seeing that cyber events have the potential to impact all areas of a company’s business. “Achieving cyber resilience is a recurring theme in boardroom discussions and the threat is now being addressed from a holistic risk perspective.”
The report’s section on financial and insurance organizations suggests that companies need, at least annually, to review and assess the design and effectiveness of their cyber security policies and procedures. “New risks and vulnerabilities are detected daily, and finance and insurance industry leaders ranked the threat of a cyber-attack or data breach as the top risk in Aon’s most recent Global Risk Management Survey,” they write. “The sector faces a complex globally interconnected risk landscape.”
They add that emerging technologies and new business models also continually alter the terrain – mobile wallets are one fundamental development, the snowballing progress of FinTech are noted as another. “This new sector, FinTech, exponentially expands the attack footprint and introduces even more third-party vulnerability to larger financial institutions that connect to these smaller, less sophisticated companies.”
Meanwhile, information technology (IT) spending on security rose globally in 2022. According to the report, eight per cent of company IT budgets in finance and insurance were dedicated to security during the year.
The report also warns of a resurgence of aggressive threat actor groups again targeting financial services companies. “Those attacks are succeeding in a majority of cases,” they state.