Top cyber risk trends for 2023
Explore the top cyber risks facing businesses in 2023 with this in-depth guide. From insider threats to blackouts, we’ll explain what to look out for.
Businesses aren’t the only ones adapting to technological leaps. Cyber criminals are also finding new ways to con small business owners out of their hard-earned money.
Some 16% of UK companies faced a ransomware attack last year, according to the Hiscox Cyber Readiness Report 2022, which found phishing emails and stolen passwords among the main causes of ransomware attacks.
From insider threats to cable-cutting and rolling blackouts, read on to explore the top cyber risk trends in 2023, so that you and your business are prepared for any unexpected attacks.
1. Insider threats
Recession fears and economic turbulence have squeezed the finances of both businesses and families in the past 12 months, with rising inflation, higher interest rates and weaker economic activity adding to the strain.
With no end in sight, squeezed incomes could fuel a rise in internal cyber-attacks this year. There are two motivations:
- Employees boosting their finances. As they make up for lost income, staff may be tempted to commit fraud, work with criminal gangs, give up their credentials, or trade intellectual property for bribes. Workers who struggle to pay their bills could ultimately be more willing to take risks and seek financial alternatives.
- Low morale prompting retaliation. Disgruntled staff and those who have been made redundant might remove or delete important company data.
How could you prevent insider threats?
Preventing insider threats doesn’t have to be complicated. In times of economic stress, it may be as simple as reaching out to your employees to check up on their mental and financial health. Signposting sources of support, such as charities and consumer champions, could stop their money worries from spiralling into fraud. It might encourage them to buy into your broader mission too.
There is also a range of practical steps you could consider to prevent the removal of valuable data. For example, encryption, multi-factor authentication and access restrictions could stop insubordinate employees from viewing sensitive files and servers.
3. Ransomware gangs fracture
Ransomware continues to pose a significant risk to companies, with the threat evolving as criminals adapt their techniques.
Victims of ransomware lose access to important files or systems, as criminals encrypt their data. They’re then asked to pay a ransom for it to be unlocked. According to Hiscox, 63% of victims in the UK agreed to pay their ransom last year. However, internationally, just 59% of companies that pay successfully recover all their data. Some 43% get the recovery key but still end up rebuilding systems.
Following a sharp increase in ransomware attacks in 2021, certain regions saw a decline last year. Cyber criminals have adapted their methods, and there’s been a shift from attention-grabbing ransomware gangs towards smaller, niche groups that prefer anonymity. Criminals are also targeting specific industries or regions, rather than seeking infamy.
Ransomware can strike any business, but Hiscox has identified professional services (18%), construction (19%) and financial services (23%) as the least prepared industries in 2022, with food and drink (62%) being the strongest.
How could your business tackle ransomware?
Common tactics to defend against ransomware include:
- Keeping devices up to date with the latest software
- Educating staff to avoid disclosing login details or clicking on suspicious links
- Backing up important systems and files to minimise any downtime
- Only sourcing downloads from trusted sites
- Avoiding USB sticks from unknown sources
Cyber insurance might also offer peace of mind if a ransomware attack strikes, as it can deliver financial protection in the face of digital threats.
4. Password-less authentication
Businesses continue to embrace multi-factor authentication (MFA) in a bid to combat fraud and data breaches. MFA goes beyond traditional password authentication, making users confirm their identity in more than one way when signing into an IT system.
MFA adoption has surged in recent years. Apple, Microsoft and Google have now committed to support the next generation of authentication through password-less sign‑ins, encouraging the use of biometrics like face or fingerprint recognition instead. After all, biometrics require physical access to your device and are now built into most modern phones.
The increased security offered by password-less authentication means its growth should only continue this year.
How could your firm adapt to password-less authentication?
Not every business will have the budget, time and capabilities to invest in password-less authentication. However, it may be worth looking into if you have security concerns – or lots of complex passwords to keep track of.
This technology can prevent hackers from guessing your passwords and removes the danger of employees forgetting them. It could take the form of biometric authentication such as fingerprint scans, unique email links or one-time passwords sent to the user’s phone.
However, with greater security comes stronger data protection requirements. Biometric data is deemed to be personally identifying information. As a result, it’s covered by privacy regulations like GDPR. You’ll need to get consent from users and think carefully about how their data will be protected.
Attacks on physical cyber infrastructure could prove just as damaging as digital threats in 2023. Global internet connections are supported by submarine fibre-optic cables, and a range of suspicious attacks have harmed these cables in recent months with the culprits yet to be found.
Whether activists, criminal gangs or hostile nation-states are behind the attacks, the cabling network remains highly vulnerable. With 21st-century life so reliant on the internet, damage to these cables could have knock-on consequences for people’s day-to-day routines and key business operations.
6. Rolling blackouts
As well as cable cutting, the threat of blackouts has loomed large as supply chains have fractured amidst the conflict between Russia and Ukraine, which stoked fears over global energy supplies in 2022. The dangers remain this year, as governments closely monitor gaps between supply and demand.
The potential consequences of rolling blackouts include:
- Loss of data centre power – although governments are likely to give this infrastructure priority during blackouts
- Disruption to remote working
- Fluctuations in office energy supplies.
How could companies brace for downtime and blackouts?
Companies often have limited options when dealing with blackouts and internet outages, but there are a few basic measures you can implement to prepare for cable-cutting incidents and power cuts:
- Research independently powered generators to see if they could keep your business moving
- Consider emergency lighting to help staff deal with a sudden loss of power
- Get in touch with your internet provider to gauge whether mobile connections are available
- Create an emergency toolkit for employees, including guidance and useful resources.
Staying ahead in the cyber security race
Businesses face a myriad of cyber risks in 2023. Blackouts and cable attacks have made the future of physical infrastructure less certain, while traditional threats such as ransomware attacks and data breaches have evolved.
Whatever your company’s size and sector, it’s useful to think about contingency plans should the worst happen. What would you do in the event of a long-term blackout? How would your existing security systems cope with a significant hacking attempt?
A cyber insurance policy could shield your business from the financial harm of digital crime. Explore how cyber insurance works and learn more about the specialist cyber cover available from Hiscox.
Hiscox wants to help your small business thrive. Their blog articles will contain lots of useful information relevant to your growing business. But these articles do not constitute professional advice and must not be construed nor relied upon as such. To find out more on a subject we cover here, please seek professional assistance, specific to your circumstances.