Reinsurance
Product Family
Claims
Risk Consulting
Media Center
Get In Touch

Dealing with the COVID-19 pandemic affects us all. Businesses around the world are finding new ways of working as the pandemic continues to affect the safe movement of people and goods. And against this backdrop, the cyber threat has not gone away. 

Annabel Jamieson, manager - cyber defence at Accenture, and James Tuplin, head of cyber and TMT at AXA XL, discuss the results of the latest Accenture/AXA XL cyber threat intelligence analysis and how all businesses can apply adaptive security to be more cyber resilient.   


Q. What does the current threat landscape look like?

Annabel Jamieson: As you would expect, cyber criminals are taking advantage of the COVID-19 crisis and having a broad impact across industries around the world. For example, malicious actors are are aware that companies are struggling to keep up with new demands, and that some security teams have limited access to the tools and talent required to defend their businesses effectively.

Cyber criminals are preying on the susceptibility of newly remote workers by offering lures and traps that imitate credible sources. For instance, our most recent cyber threat intelligence analysis report, produced in collaboration with AXA XL, shows that 33 percent of our cyber investigations undertaken in the last quarter were related to business e-mail compromise. Another popular method for targeting organisations has involved exploiting remote-access vulnerabilities, with 30 percent of incidents examined involving this method of compromise. 

Q. Is there a threat to intellectual property (IP)?

Annabel Jamieson: Industries that house organisations making considerable investments in research and development (R&D)—such as defence, manufacturing, academia, aerospace—have historically been key targets for espionage actors looking to steal trade secrets and corporate IP. Alongside these traditional targets, the pharmaceutical industry would be highly attractive today, as malicious actors look to disrupt companies seeking a vaccine for COVID-19. 

Organisations are often unaware of sensitive publicly available information that threat actors can turn to their advantage; our latest cyber threat intelligence report found that 10 percent of companies had exposed information, such as sensitive manuals, product diagrams or protocols, on public online repositories.

Q. How are cyber criminals carrying out attacks?

Annabel Jamieson: The techniques being used by malicious actors to exploit the situation are not new—methods such as phishing, social engineering, credential access and the deployment of malware have all been widely used by cyber criminals for some time. Typically, cyber criminals have taken advantage of human vulnerabilities, which often require low investment but can generate big returns. Accenture is continually monitoring the market for new threat campaigns used by malicious actors. 

Q. What can companies do to combat current cyber threats?

Annabel Jamieson: Above all, COVID-19 is a health and humanitarian crisis. But just as businesses are seeking to protect their colleagues by enabling them to work from home or putting social distancing protocols in place, so they can protect their people against cyber threats. Clear, consistent and regular communication is key. For example, colleagues should be made aware of procedures to protect company information. They should be briefed on best practices for working from home and helped with configuring and connecting to virtual private networks (VPNs) in the safest way. Computers and devices that colleagues are using to work from home should be updated regularly, where possible. Above all, security needs to be adaptive and resilient, so that it can flex to meet future, changing demands.

James Tuplin: Colleague education is a vital part of being more cyber resilient. Companies should have robust processes in place to help colleagues identify phishing if they believe something to be suspicious. And as well as basic security steps, such as keeping software up-to-date, colleagues should also be encouraged to change their passwords frequently and not to use familiar or meaningful data within those passwords. 

Q. How can cyber underwriters help companies to manage cyber threats?

James Tuplin: It is important to remember that a cyber policy is a guarantee of service, which provides not only financial protection should an attack occur, but also expertise to help clients handle a cyber situation from start to finish.

I can’t stress enough that companies should focus on the prevention of cyberattacks. As the current situation has illustrated, it’s also vital that their security teams test business continuity plans regularly. 

Of course, insurers can play their part by offering access to expertise to help mitigate exposures, as well as post-breach recovery services if an attack takes place. 







  • About The Author
  • Head of Cyber and TMT – International Financial Lines
Invalid First Name
Invalid Last Name
Country is required
Invalid email
Invalid Captcha
 
Subscribe

Global Asset Protection Services, LLC, and its affiliates (“AXA XL Risk Consulting”) provides risk assessment reports and other loss prevention services, as requested. This document shall not be construed as indicating the existence or availability under any policy of coverage for any particular type of loss or damage. AXA XL Risk. We specifically disclaim any warranty or representation that compliance with any advice or recommendation in any publication will make a facility or operation safe or healthful, or put it in compliance with any standard, code, law, rule or regulation. Save where expressly agreed in writing, AXA XL Risk Consulting and its related and affiliated companies disclaim all liability for loss or damage suffered by any party arising out of or in connection with this publication, including indirect or consequential loss or damage, howsoever arising. Any party who chooses to rely in any way on the contents of this document does so at their own risk.

US- and Canada-Issued Insurance Policies

In the US, the AXA XL insurance companies are: AXA Insurance Company, Catlin Insurance Company, Inc., Greenwich Insurance Company, Indian Harbor Insurance Company, XL Insurance America, Inc., XL Specialty Insurance Company and T.H.E. Insurance Company. In Canada, coverages are underwritten by XL Specialty Insurance Company - Canadian Branch and AXA Insurance Company - Canadian branch. Coverages may also be underwritten by Lloyd’s Syndicate #2003. Coverages underwritten by Lloyd’s Syndicate #2003 are placed on behalf of the member of Syndicate #2003 by Catlin Canada Inc. Lloyd’s ratings are independent of AXA XL.
US domiciled insurance policies can be written by the following AXA XL surplus lines insurers: XL Catlin Insurance Company UK Limited, Syndicates managed by Catlin Underwriting Agencies Limited and Indian Harbor Insurance Company. Enquires from US residents should be directed to a local insurance agent or broker permitted to write business in the relevant state.