Growing cyber threat demands a united response

Share
5 min read
The number of UAE companies paying ransoms is 28 per cent higher than the global average. Pexels
Share
  • The dollar cost to organizations of all types due to cyber threat is staggering. It is estimated that the average cost of remediation in 2021 was $517,961 in the UAE
  • The monetary loss from cybercrimes globally is put at $945 billion. When you add to this the global cost of cybersecurity products, it touches $1trn annually

It was reported on December 20, 2021, that the computer virus SirCam had corrupted IT systems at multiple UAE organisations. SirCam, first detected in the UAE on July 17th, attaches itself to the address books of almost any Windows e-mail addresses it finds in the cache file of the web browser of the infected machine.

Research conducted by Cybereason, suggests that the number of UAE companies paying ransoms is 28 per cent higher than the global average; and that 42 per cent of companies who had paid ransoms were forced to close. The threat is by no means restricted to the Middle East, and nobody is immune, not even technology companies. As a case in point, in July 2021, hackers attacked a software product from the IT provider Kaseya, stealing 1,500 companies’ data. They have demanded $70 million in ransom to date.

The threat is by no means restricted to the Middle East, and nobody is immune, not even technology companies. As a case in point, in July 2021, hackers attacked a software product from the IT provider Kaseya, stealing 1,500 companies’ data. They have demanded $70 million in ransom to date.

The Kaseya attack follows a string of serious recent hacks on corporations, including a leading meat processor, a major provider of email services, and of network management supplier, SolarWinds. Of even greater concern is the increasingly sophisticated threat from malign state actors that seek to wage cyber warfare. On May 25, a threat intelligence firm published a report detailing the use of a newly discovered strain of wiper – a malware utilized to overwrite a victim’s data – that disguises itself as ransomware. Dubbed “Apostle” by the firm, the wiper has primarily targeted Israeli computers, in addition to at least one facility in the UAE.

The dollar cost to organizations of all types is staggering. It is estimated, according to a report by Sophos, that the average cost of remediation in 2021 was $517,961 in the UAE. A 2021 report by McAfee estimates the monetary loss from cybercrime globally to be approximately $945 billion. When you add to this the global cost of cybersecurity products, the world is facing an annual loss in excess of $1 trillion.

Insurance Industry Challenge

The current environment has diminished the profitability of the cyber insurance market. Pexels

Picking up much of the bill are insurers and reinsurers. The current environment has diminished the profitability of the cyber insurance market, which has reacted by demanding more underwriting information from clients, at times limiting coverage, and increasing rates and deductibles.

For businesses in challenged industries or with inadequate controls, the cost of insurance is growing exponentially. Further compounding the issue, it has been asserted that to minimize the business interruption that a loss of data would entail, companies with cyber insurance are more likely to pay off hackers. Such a scenario represents a vicious cycle of loss for the insurance sector – one of a potentially existential nature.

In the face of the escalating threat, insurers have a big role to play beyond risk transfer by promoting strong cybersecurity practices and culture across the private and public sectors. In addition to responding to events, they must continue to adopt a more preventive posture by working with clients to increase awareness of the threat posed by ransomware and other attacks and prodding them to encourage safer cyber hygiene by staff as well as better risk management across the organization.

These challenges will only increase, in part because so many companies rely on an ever-growing network of technology service providers, a trend that has intensified with a pronounced shift to digital services during the pandemic. Software vendors in turn depend on their supply chains of companies, component suppliers, infrastructure services, and other so-called fourth parties. The resulting digital ecosystems are typically nonlinear, often highly interdependent, fluid, and relatively opaque.

For businesses, this creates challenges for resiliency and disaster recovery preparedness. For insurers, the lack of supply chain transparency makes it difficult to assess their aggregate exposure. In the face of this escalating threat, insurers have a big role to play beyond risk transfer by promoting strong cybersecurity practices and culture across the private and public sectors. In addition to responding to events, they must continue to adopt a more preventive posture by working with clients to increase awareness of the threat posed by ransomware and other attacks and prodding them to encourage safer cyber hygiene by staff as well as better risk management across the organization.

A united response

Since interests are aligned, companies and insurers should collaborate more closely with government authorities to help combat ransomware. Pexels

Since interests are aligned, companies and insurers also should collaborate more closely with government authorities to help combat ransomware. The latest incident should spur the implementation of President Biden’s recent Executive Order that aims to use the US government’s buying power to drive safer cyber practices across the economy. And if ransomware continues to increase and insurance becomes harder or too costly to obtain, pressure may grow for some kind of federal backstop for cyber risk transfer.

With cybercrime in the Middle East and Africa regions becoming ever more sophisticated, countries must come closer together to harmonize and update their laws, enhance their cybercrime investigative techniques and form a united regional front when cooperating with other allied international partners.

Closer to home, many governments across the Middle East have developed sophisticated cyber safety and digital security strategies that equip businesses and citizens with cyber safety tools. The UAE’s Telecommunications and Digital Government Regulatory Authority have developed the ‘UAE Information Assurance Regulation’ to provide requirements to raise the minimum level of protection of information assets and supporting systems across all entities in the UAE. The regulation sets out to build a trusted digital environment throughout the UAE.

If there is a silver lining to the recent spate of attacks, it’s that they are exposing the scale of the threat for all to see and act upon. With cybercrime in the Middle East and Africa regions becoming ever more sophisticated, countries must come closer together to harmonize and update their laws, enhance their cybercrime investigative techniques and form a united regional front when cooperating with other allied international partners. More than ever, this united response is not just necessary – it is a matter of survival.

Christos Adamantiadis is chief executive officer of Marsh Middle East and Africa

The opinions expressed are those of the authors and may not reflect the editorial policy or an official position held by TRENDS.

SPEEDREAD


Today's Headlines

The most important news stories of the day, curated by Post editors and delivered every morning.

Please enable JavaScript in your browser to complete this form.

By signing up you agree to our Terms of Use and Privacy Policy.

MORE FROM THE POST