10 September 2023

CyberCube report: Nation-state cyber hot zones offer a view into the future of cyber war​


In a new report examining selected nation-state cyber hot zones to gain insight into the potential cyber (re)insurance impacts of future cyber wars, CyberCube monitors these hot zones for evidence of cyber attacks bridging the divide between digital and physical impacts.​ It analyzes state-nexus cyber threat actors in Russia/Ukraine, China/Taiwan, Iran/Israel, and North Korea/South Korea. (Re)insurers can model realistic cyber disasters considering recent state-nexus cyber activities using CyberCube’s Portfolio Manager software solution.​

William Altman, Cyber Threat Intelligence Principal, CyberCube, said: “Nation-state cyber hot zones offer a glimpse into the potential future of cyber war.​ In Q4 2023, CyberCube expects to see nation-state cyber threat actors conduct themselves in ways that push the cyber (re)insurance industry to consider the limitations and strengths of current war-exclusion language​ deeply.”

The research “CyberCube’s Global Threat Outlook: A perspective on the threat landscape for Q4 2023” also highlights how the combination of CyberCube’s Exposure and Security Scores paints a clear picture of industry-level differentiated cyber risk opportunities. The highest-risk sectors to keep an eye on in Q4 include Professional Services and Healthcare, which are both under-secured relative to the threats they face and make attractive targets, with high levels of sensitive data — leaving companies vulnerable to ransomware and extortion tactics.

The report notes that while there has been substantial progress and momentum achieved this year, including, in March, Lloyd’s of London rolling out an exclusion for cyber war and severe state-backed attacks, the reinsurance market is yet to settle on a consistent approach that is acceptable to all stakeholders.

Yvette Essen, CyberCube’s Head of Content, Communications & Creative, said: “The approaches currently being adopted carry significant uncertainty, mainly due to the complexities surrounding the attribution of cyber incidents and the scarcity of historical parallels. By striving for consistency and clarity, we can bolster confidence in the cyber reinsurance sector, shielding it from the impact of outlier events, while reinforcing the overall value of cyber insurance products.”

No comments: