The COVID-19 outbreak continues to spread and disrupt lives, businesses, and economies worldwide, which forces organizations and individuals to embrace new practices of social distancing and remote working. While the world is focusing on the health and economic threats posed by the virus, cybercriminals are seizing the opportunity to increase their attacks. Cyberthreats are increasing day by day, affecting both individuals and businesses. With the continuous lockdown policies and social distancing measures, individuals tend to increase the use of the internet and digital devices for their daily tasks, such as shopping, payments, and other transactions that were previously completed offline. For organizations, cyber threats are mainly caused by work from home measures, which sees companies implementing customer-facing networks and employee access technologies for their workforce. Although several cybersecurity efforts were carried out, the organizations’ unpreparedness can still lead to cybersecurity misconfigurations. In some cases, employees might be using their personal computers to work with confidential data, which could also pose a cyber risk to the companies. According to data published by Trend Micro [1], their Smart Protection Network (SPN) detected nearly 9 million Covid-19-related threats from January to June 2020. These threats are mainly originated from emails, URLs, and malicious files. The attacks also tend to target the fear and the constant need for updates on the virus, for instance, sending emails that claim to have the latest statistics related to COVID-19 cases. Another global survey released by the Interpol Bureau [2] has identified four main cyber threats related to the COVID-19 pandemic: 1- Phishing scams, and fraud: with 59% of respondents who stated the significant increase of COVID-19 themed phishing and online frauds that consist of cybercriminals posing as global health authorities with relevant information 2- Malware and ransomware: 36% of respondents noted that malware attacks shifted their targets from small businesses and individuals to government agencies and healthcare organizations 3- Malicious domains: 22% of respondents noticed an influx of newly registered domains that include keywords such as COVID or Corona, claiming to have the latest updates and statistics 4- Fake news: 14% of respondents listed misinformation as a main threat since false information and rumors continue to be shared through social media networks Businesses’ cybersecurity efforts In light of these challenges, companies are improving their cybersecurity efforts to manage their business continuity and avoid significant data breach losses. One of the major technology applications used to achieve this is the Virtual Private Networks (VPNs), which help companies manage their remote workforces’ access to data and information, as well as monitor potential cyber threats and their impacts on the companies’ activities. Cybersecurity is also expected to become an urgent priority for businesses around the world, with a special focus on endpoint security technologies. Thus, leading the global cybersecurity spending to reach $270 billion by 2026. [caption id="attachment_5547" align="aligncenter" width="624"] Figure 1: Global cybersecurity spending forecast in US$ billion [3][/caption] Spending related to external security services purchased Internal spend refers to the compensation of in-house full-time equivalent employees Source: AustCyber report “The global outlook for cybersecurity” based on data provided by Gartner, Australian Bureau of Statistics, Burning Glass, expert interviews; AlphaBeta and McKinsey Analysis Insurance and cyber risk mitigation Cybersecurity measures are not the only way for businesses to mitigate cyber risks. Cyber insurance policies are used by large and small corporations to receive full coverage in case of a cyber breach or attack. Most cyber insurance policies include a broad array of coverages relevant to the current environment. Coverages protect the companies’ network security liability and privacy liability, as well as cover costs related to security response, data recovery and restoration, ransom event, reputational harm, system failures, and other types of repercussions that may cause business interruption. The cyber insurance market, while small compared to more mature lines of business, has grown steadily in recent years. According to Swiss Re, cyber insurance premiums doubled between 2016 and 2019 [4]. The demand pre-COVID-19 was mainly driven by a shift of the business models implemented by SMEs, which focused on increasing their e-commerce and digital capabilities. This digital transformation trend will most likely accelerate post-COVID-19, as companies of all sizes are trying to align with the new market realities. This will also contribute to the growth of the cyber insurance market, which is expecting a growth of 20% to 30% per year on average, to reach $12.3 billion premiums by 2023. [caption id="attachment_5548" align="aligncenter" width="465"] Figure 2: Global cyber insurance premiums in US$ billion [5][/caption] Cyber insurance policies provided to individuals Cyber insurance policies provided to companies (SME and Large corporations) Source: S&P Financial Services forecasts However, investments in cybersecurity technologies and applications remain the main tool used by organizations to mitigate their cyber risks, as cybersecurity spending continue to outpace spending on cyber insurance (as stated in Figure 3). [caption id="attachment_5549" align="aligncenter" width="569"] Figure 3: Global cyber insurance premiums in US$ billion [6][/caption] Source: Marsh and Microsoft report 2019 Global Cyber Risk Perception Survey; based on data from Gartner, Munich Re This trend is likely to continue in the cyber market due to the pandemic’s impact on the cyber insurance prices, which are on the rise as insurers try to limit their risk exposure in order to maintain suitable credit and capital strength and manage their deteriorating loss ratios and overall profitability. While cyber insurance policies can assist companies with costs related to data breaches and cyber-attacks, the preventive nature of the cybersecurity solutions, the expensive insurance premiums, and policy coverage limits (i.e. maximum payouts that companies can receive in case of a claim) are all factors that continue to impact the way organizations choose to allocate their cybersecurity budgets. References: The study presents the data related to cyber threats detected by the Trend Micro Smart Protection Network (SPN) --- Securing the Pandemic-Disrupted Workplace: Trend Micro 2020 Midyear Cybersecurity Report The study presents a global survey conducts from April to May 2020, with data collected from 48 members countries and 4 INTERPOL private partners as part of the INTERPOL Global Cybercrime Survey --- COVID-19 Cybercrime Analysis Report- August 2020 The global outlook for cyber security https://www.swissre.com/reinsurance/property-and-casualty/reinsurance/cyber-reinsurance/reinsurance-a-growth-engine-for-cyber.html Cyber Risk In A New Era: Insurers Can Be Part Of The Solution 2019 Global Cyber Risk Perception Survey Sources: https://www.oliverwyman.com/content/dam/oliver-wyman/v2/publications/2020/apr/risk-journal-vol-9-2020.pdf https://www.mckinsey.com/~/media/McKinsey/Business%20Functions/Risk/Our%20Insights/Cybersecuritys%20dual%20mission%20during%20the%20coronavirus%20crisis/Cybersecuritys-dual-mission-during-the-coronavirus-crisis.pdf https://www.mckinsey.com/business-functions/risk/our-insights/covid-19-crisis-shifts-cybersecurity-priorities-and-budgets
The rise in cybersecurity incidents during crises is a testament to the evolving digital threat landscape. Notably, the 2008 worldwide economic recession marked a significant increase in such incidents, from Heartland’s massive credit card scam to Virginia’s prescription monitoring hack, showcasing a considerable rise in breaches and cybercrimes. As recorded by the Financial Fraud Action (UK), online banking fraud was peaking in 2009 at £59.7 million before falling in 2011 to £35.4 million. While it is remarked that history repeats itself, the COVID-19 era is no exception. Today’s reality is dominated by remote work that introduced businesses to a new level of dependency on digital collaboration tools. In this context, while authorities focused their efforts mainly on fighting the spread of the virus and improve their healthcare systems, IT professionals are concerned about assuring the environments’ security during this transition. In fact, based on Fugue’s survey on the state of cloud security published in April 2020, 84% of security professionals are worried that their institution has already faced a breach during the transition. This explains why despite the worldwide decline in job opening, countries such as the US and UK saw a rise in requests for information security roles. In terms of numbers, reported cybercrimes are already registering a steep rise and unprepared tools have experienced some of the world’s biggest breaches. ZOOM, the videotelephony software program, had 500,000 personal URLs and information sold on the dark web. Also, a hacker sold 115M personal data belonging to customers of a Pakistani mobile operator for $2.1M in bitcoin. These are just examples of breaches that can severely affect the public. From the visible side of the iceberg, the Internet Crime Complaint Center of the FBI announced a 300% increase in registered cybercrimes in five months, that jumped from 1,000 to 3,000 complaints per day. Additionally, the US Department of Health and Human Services stated that there have been 132 breaches this year (February to May) which is an equivalent of almost 50% increase compared to last year’s reported cases. Google, from its end, is currently preventing, over 18M COVID-19 related email scams and 240M spam messages on a daily basis. As Trend Micro confirms, malicious spam emails are the most considerable share of cyberattacks (up to 65.7%) and the top countries targeted by these types of hacks from January to March 2020 are mainly European countries with the UK at the top (20.8%), in addition to the United States and India. [caption id="attachment_5363" align="aligncenter" width="460"] Top countries targeted by spam emails connected to Covid-19[/caption] Experts predicted in December 2019 that security spending would experience a growth of 8.7%. However, the pandemic urged Gartner to adapt its estimate to 2.4% growth. Albeit the decline in the expected growth, factors related to the current businesses’ development are in favor of few security market segments such as cloud- and SaaS-based solutions that will still drive the sector on a positive trend. In fact, only Network security equipment and consumer security software are expected to decrease (-12.6% and -0.3%), while a considerable high increase of 33.3% is predicted for Cloud Security. The 2020 market will also experience 7.2% growth for data security, 6.2% for Application security, and 5.8% for both Identity access management and Infrastructure protection. From a cost viewpoint, IBM security’s latest insights reported that 2020 Cyber-attacks’ average total cost of a breach remains slightly at the same level ($3.86M in 2020 for $3.9M in 2019), with major increases targeting the energy (14.1% increase) and healthcare (10.5% increase) sectors. In fact, as countries’ stability is highly depending on the energy and utility industries, these sectors became in the past years a prime target for cyber-attacks encouraged by specific political and economic aims. Concerning the Healthcare sector, ForgeRock’s 2019 Consumer Breach report is showing that the most targeted data types are social security numbers, followed by medical records. These breaches will continue to increase as more COVID-19 tests and treatments are conducted. [caption id="attachment_5367" align="aligncenter" width="642"] Average total cost of a data breach by industry - cybersecurity[/caption] [caption id="attachment_5370" align="aligncenter" width="615"] Percent change in average total cost by industry, 2019-2020[/caption] Source: IBM Security, “Cost of Data Breach Report 2020”. What about African countries? The submerged side of the iceberg is mainly hiding the African countries’ situation as the cases are rarely covered. Moreover, their contribution to the cybersecurity market is still considerably low, while the number of incidents, mainly related to personal data security, is rising. Tomiwa Ilori highlighted in his paper published in June 2020 that out of the 54 African countries only 28 proved to have a data protection law including Morocco, Mauritius, Kenya, Uganda, Senegal, Tunisia, South Africa, and Nigeria. [caption id="attachment_5374" align="aligncenter" width="634"] Source: Tomiwa Ilori (April 2020). “Data protection in Africa and the COVID-19 pandemic: Old problems, new challenges, and multistakeholder solutions”, APC. [/caption] The provided snapshot above emphasizes that for African countries, there will only be room for serious discussions about Cybersecurity solutions when the inadequacy of their data collection’s regulation framework will be tackled. Raising the countries to the current Cybersecurity reality requires at first protecting the organizations’ most important asset by enhancing regulation and compliance requirements. To achieve this, data protection laws are only the first step. In this context, access to international instruments to reduce compliance gaps becomes a must. The continent should welcome, and particularly during this crisis, partnership opportunities between the different stakeholders, aiming to elevate their data protection laws to combine them with their cybersecurity strategies. Nada Benslimane - Business Analyst Sources: https://www.ibm.com/security/digital-assets/cost-data-breach-report/#/ https://resources.trendmicro.com/rs/945-CXD-062/images/Trend-Micro-Research-COVID19-Threat-Brief-Summary-27Mar.pdf https://www.gartner.com/en/newsroom/press-releases/2020-06-17-gartner-forecasts-worldwide-security-and-risk-managemhttps://dataprotection.africa/ https://www.fugue.co/press/releases/fugue-survey-finds-widespread-concern-over-cloud-security-risks-during-the-covid-19-crisis https://africaninternetrights.org/sites/default/files/Tomiwa%20Ilori_AfDec_Data%20protection%20in%20Africa%20and%20the%20COVID-19%20pandemic_Final%20paper.pdf https://www.gartner.com/en/human-resources/research/talentneuron/cybersecurity-labor-shortage-and-covid-19 https://www.healthcarefinancenews.com/news/number-cybersecurity-attacks-increase-during-covid-19-crisis https://www.imcgrupo.com/covid-19-news-fbi-reports-300-increase-in-reported-cybercrimes/ https://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/ https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/246749/horr75-summary.pdf https://www.power-eng.com/2020/02/12/energy-sector-cybersecurity-is-vulnerable-but-achievable/#gref https://healthitsecurity.com/news/health-sector-most-targeted-by-hackers-breach-costs-rise-to-