No organization – large or small – is immune to the threat of a cyberattack

To address growing cybersecurity threats, Coalition announced last month that it is expanding its cybersecurity offering for large US enterprises with annual revenues of up to $5 billion.

Insurance Business reached out to Tiago Henriques, vice president of security research at Coalition, to learn more about this enhanced product and why large organizations need the coverage. The cyber expert was also asked whether ransomware will continue to be an issue for businesses in a post-pandemic world.

Coalition recently expanded its cybersecurity offering to enterprise businesses with revenues of up to $5 billion. How vulnerable are big US businesses to cyberattacks?

It is important to say that all businesses, regardless of size, are vulnerable to cyberattacks. Large companies like Equifax, T-Mobile, and JP Morgan have all experienced data breaches in the past decade alone. No matter how many resources a company has, it can still be vulnerable to cyberattacks.

Large companies tend to have large attack surfaces. While many have internal resources and more sophisticated security postures, they are still at high risk due to complex systems, greater network exposure, and more surface area to target. In many ways, the saying, “the bigger the business, the bigger the threat” is true.

Besides having a larger attack surface for threat actors to exploit, what are the other cybersecurity challenges that business enterprises must face?

Large enterprises rely on complex technology stacks with a vast network of vendors, making software patching difficult. This reliance also means that these large companies are not only taking their own risks but also the risks of other companies by proxy. These partners present their own set of cybersecurity concerns, making the problem exponential.

In your opinion, will ransomware continue to be the biggest cyber boogeyman for businesses?

Ransomware is a serious concern, and paying a ransom is a scary thought for a business. Fortunately, our data shows a decrease in the frequency of ransomware attacks and the amount of ransom demanded between the second half of 2021 and the first half of 2022. We also note that the average demands of ransomware decreased from $1.37 million in H2 2021 to $896,000 in H1 2022. This decrease in frequency and severity is likely because organizations are becoming more aware of ransomware threats. They have begun implementing controls, such as offline data backups, that allow them to refuse to pay the ransom and restore operations through other means.

But as ransomware declines, attackers are turning to other reliable methods. Phishing, for example, has increased – and only continues to increase. According to our claims data, phishing triggers most cyber incidents. In H1 2022, phishing accounted for 57.9% of reported claims.

How can the insurance industry keep up with increasingly complex cyberattacks?

The only way for insurance to keep up is to follow the numbers and data. Organizations need real-time monitoring and vulnerability management to inform insurance protections. They need to ensure that they focus on mitigation according to their available resources. And they need to prioritize fixing the vulnerabilities that will cause the most damage.
