Ian has had a busy 2016 addressing numerous conferences around New Zealand on cyber security. Here he gets out his crystal ball with his top ten predictions for 2017.
1. More choice with Cyber Insurance in the short term
The number of Cyber Insurers will double over the next 1-2 years (from 8 to 16) and peak in 2018, making it the best time for Insureds to buy Cyber Insurance.
2. Exponential growth in Cyber Insurance
The global cyber insurance market will increase tenfold within the next 8 years (from US$2.5 billion to US$20 billion by 2025).
3. Exponential growth in Cybercrime
The cost of cybercrime will also grow from $3 trillion in 2015 to $6 trillion in 2021. Sophisticated insurers have been very public about their goal of understanding accumulations for various cyber disaster scenarios. But beyond direct cyber incidents like a cloud provider outage, perhaps the more concerning incidents are "silent cyber" scenarios, which expose non-cyber insurance products to potential cyber-related losses.
When comparing the cost of cybercrime against the premiums generated, there is huge concern regarding the shortfall between the two. Something has to give.
4. Less choice with Cyber Insurance in the medium term
In 2-3 years’ time, cyber exposures will start to crystallise and the frequency and severity of payouts will become more widespread and sophisticated. Pressure will come on the financial ratings of Cyber Insurers from the likes of Standard & Poor's, Fitch and Moody's. Consequently, many Cyber Insurers will step out of the market.
5. Cyber security strategy
The government will roll out their new Cyber Security Strategy and CERT (Computer Emergency Response Team) early next year, launching a cyber credentials scheme and giving SMEs access to a cyber risk assessment from specialists with some baseline recommendations and achievable requirements.
6. Legislative change
New Zealand will follow Australia, the European Union and the USA by requiring companies to notify their customers of any cyber security breach in their network. The 1993 Privacy Act will also get an overhaul as legislation becomes more progressive.
7. Stricter security standards for payment cards
The PCI DSS Council will take a greater interest in Australasian banks, which will then put more pressure on merchants and retailers to comply with the security standard. The PCI DSS (Payment Card Industry Data Security Standard) is a security standard for organisations that handle branded credit cards from the major card schemes including Visa, Mastercard, Amex, Discover and JCB.
8. Ransomware attacks will increase
Ransomware attacks aren’t going away. New Zealand had 108 Ransomware attacks PER DAY this year (a 160% increase) and we expect more of the same in 2017. New Zealand has the second highest number of ransomware attacks in the Southern Hemisphere (21st globally) and more than 50% of claims we have seen on our policies were related to Ransomware.
9. DDoS attacks
Distributed Denial of Service (DDoS) attacks will become more sophisticated and targeted in New Zealand in 2017, even though we didn’t see the level of claims that we expected in 2016. DDoS is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources.
10. IoT and the Cloud
As more innovative Internet of Things (IoT) devices are deployed to monitor the safety of buildings or the performance of equipment, new cyber exposures will be created and need to be managed. Other changes in the technology landscape – from the migration of data and software to the Cloud to the use of artificial intelligence in commercial applications – are also shifting the nature of cyber risk.