Trends to watch: Cyber risk in 2024


Digital Insurance reached out to insurance professionals about cyber risk trends.

The responses have been lightly edited for clarity.

Paul Bantick, group head of cyber risk, Beazley

Tip of the cyber AI-ceberg

The growth of generative AI and its use for both good and bad will continue to be the 'unknown known' risk in 2024. On the back of this rapidly developing technology, our research reveals concern over cyber risk will continue to dominate business executives' risk agendas (27% state cyber will be their key risk in '24).

Gwen Cujdik, claims manager, cyber incident response, AXA XL


Cyber extortion events are not going away. In fact, if the final quarter of 2023 is any indicator of 2024, we should all be buckling up for a ride. In 2023, we saw more frequency of cyber extortion events impacting mid to small markets earlier in the year. We started seeing an increase in significant events impacting large enterprises starting in October and holding steady through November. There was a noted increase in demands by threat actors and in severity. It remains to be seen whether a soft insurance market, where controls that were in place in the hard market were set aside, contributed to the increase in severity. Some threat actors, including Scattered Spider, engaged in highly sophisticated and targeted attacks (a.k.a. big game hunting). I believe that the controls of the hard market helped to minimize the severity of attacks.

We continue to see wire fraud events. This suggests that bad guys will continue to pivot to whatever means necessary to get the payout – either by ransom or by duping people into wire fraud.

I think we will also see an increase in the use of social engineering as a means to gain unauthorized access into systems – not just email fraud. This includes sophisticated attacks aimed at bypassing MFA and other tried-and-true security features: SIM swapping, for example, or social engineering to dupe IT staff into granting access to accounts under the belief the caller is an employee (experts are recommending video verification now), and the use of publicly available information to attempt to legitimize communications or websites where individuals are duped into clicking on links or opening attachments with malware.

Lastly, I think we will continue to see attacks stemming from zero-day vulnerabilities. While the window of time can be short to leverage these vulnerabilities, those that are not consistently patching their network will continue to be the most vulnerable to these attacks. For these threat actors, all it takes is one big score per vulnerability and it's worth the effort.

Joshua Motta, CEO and co-founder of Coalition


In 2024, cyber risks will become even more complex as attackers get savvier with the help of artificial intelligence. Ransomware has become easier to deploy at scale, and phishing scams have become more sophisticated and harder to detect. New threat types also increase organizations' risk, like weaknesses in everyday internet-connected devices (IoT).

The good news is that technology will also help us fight these emerging risks better next year. The tools we use to predict and analyze these digital threats are improving, and more organizations are seriously strengthening their security defenses. Leading cyber insurers are now incentivizing and requiring more robust security measures from their policyholders and recognizing the importance of active protection that helps organizations consistently improve their security postures.

Rajeev Gupta, co-founder and chief product officer at Cowbell


Artificial intelligence and machine learning will likely play a significant role in both cybersecurity and insurance. AI can be used to detect and respond to cyber threats more effectively, and it can also help insurance companies assess and manage risk more accurately.

Advancements in quantum computing may also pose both challenges and opportunities. While quantum computing can potentially break current encryption methods, it can also be used to develop more secure encryption algorithms.

The increasing connectivity of devices due to the Internet of Things (IoT) will likely create new vulnerabilities, making cybersecurity measures even more critical. As a result, there may be a growing demand for insurance coverage related to IoT security breaches.

Personal cyber insurance is likely to become more relevant as individuals increasingly rely on more technologies in their daily lives.  

Multi-factor authentication (MFA) will likely get universally implemented. There will not be any SaaS or cloud solution that will accept only single-factor authentication. Biometric authentication and other forms of advanced identity verification will become more prevalent, enhancing security measures.

Clay Stabert, Sompo Pro deputy cyber product manager, Sompo International, North America


As 2024 gets underway, we're going to see AI weaponized by bad actors to broaden attack vectors, and as a result, we can expect to see funds transfer fraud and social engineering increase across the board. In response, organizations must redouble their efforts to deliver employee training in a targeted manner. Example-based training on SMS phishing or "smishing" and phishing attempts by QR code, or "quishing", should be used to educate employees about what they are likely to see and to teach them to question and validate with whom they are communicating. Simultaneously, underwriters and brokers will need to ask more specific questions about training and validation to ensure that insureds are in the best possible position to protect themselves against threat actors' latest tactics for leveraging AI.

Abhishek Madhok, principal, cybersecurity, EY

Increased sophistication in cyber threats will require insurers to have a more integrated approach to risk management, with third-party, resiliency and fraud teams working together with the cyber and technology organization to manage and respond to events of interest in the environment, as well as look to optimize the cost of protecting the organization.

Darren Humphries, CISO, Acora


In 2024, AI and natural language will be taking center stage in our forward-looking threat landscape. AI is posing a risk due to two different themes: attackers using AI to train malware to bypass defender security controls, and AI helping the attackers with knowledge to refine social engineering and phishing attacks.

This in itself is bad. However, with attackers using tools such as ChatGPT, they are adding either another layer of machine-generated anonymity, or worse, purposely making the attack look like a false flag attribution of the attacker, which will cause complexities with cyber insurance.

Supply chain risk is also high on the cyber agenda. There is an increase in cyber incidents driving more mature regulations and compliance, as seen by U.S. SEC or the EU DORA regulations. One stat shows a supply chain incident increase of 608% for this year.

Attackers will continue to attack the weak link. As organizations spend on their own cyber strategy and controls, an immature approach to supply chains, which are outside of people's control, will lead to an increased reliance on ways to score and collect evidence to show good cyber practices rather than simply relying on trust.

Davis Hake, co-founder, VP of Communications and policy, Resilience


As the cyber threat landscape continues to evolve year over year, it is pivotal to monitor trends and track their impact on the global cyber ecosystem. Attempting to understand why threat actors do what they do helps us begin to uncover how they will behave in the future. In order to maintain cyber resilience against new and emerging threats, this level of attention and understanding is necessary.

Adversaries will continue to leverage large language models (LLMs) to accelerate the time to ransom.  

Resilience cybersecurity experts predict that in 2024, adversaries will continue to leverage large language models (LLMs) to accelerate human engineering tactics and time to ransomware attacks. According to a report by NordVPN, there is increased interest by potential criminal actors, as the volume of posts regarding ChatGPT in dark web forums increased 145% from January to February 2023.


LLMs can be leveraged to create more convincing and effective social engineering or phishing attacks. They can also be used to impersonate organizations or individuals and create fictitious engagement on social media platforms. The future of social engineering attacks will require a heightened level of vigilance on a human level. More sophisticated training and stronger email security measures will be required to replace traditional mitigation measures, such as searching for spelling errors or disfigured company logos. 


Threat actors will continue to target third-party vendors to scale their attacks.

Trends we've seen throughout 2023 will continue and potentially ramp up as the success of third-party vendor breaches funds cybercriminal activities. Third-party risk poses massive challenges to companies, particularly within the supply chain.


LockBit will remain the dominant ransomware gang for a fourth consecutive year. 

LockBit has been the dominant ransomware gang for the last three years, and this will not change in 2024. In 2023, LockBit had more than twice as many victims as the two other top ransomware groups, CL0P and BlackCat, respectively. Their continued high volume of victims makes them the world's "most active" ransomware group. In 2024, it is more than likely that LockBit will maintain this status. However, as organizations grow more resilient to making ransom payments, LockBit may struggle to remain profitable in the upcoming year. Despite the state of the ransomware economy, reducing LockBit's success by maintaining security infrastructure against ransomware extortion will be a key focus in 2024.