No end in sight for cybercrime threat as global connectivity fuels risk

Global connectivity mean that losses from cybercrime are only likely to increase, warns cyber risk expert James Trainor.

Speaking at the Guernsey Insurance Forum 2017 in London, Trainor – the former head of the FBI’s cyber division who is now senior vice president within Aon’s Cyber Solutions Group – said a 2014 study by the Centre of Strategic and International Studies that attributed annual losses of $445 billion to cybercrime was now vastly underestimating the current position.

“Various organisations have done research, over the last couple of years, and some suggest that that the figure will go up to six trillion,” said Trainor, who cited increased connectivity as one of the biggest factors for this rise.

“The Internet of Things is a perfect example. There’s about six or seven billion devices connected to the internet now. That number could go up to 20 or even 50 billion devices in the next three to five years, so more connectivity means more opportunities to do denial-of-service attacks, more vectors into your network, more opportunities to crypt those devices to make money,” he said.

Trainor warned there was currently a lack of insurance premiums being taken to cover for the estimated losses from these cyber-attacks.

“I’m not sure six trillion is the real number, but I do know the insurance premiums that are coming in, which is about $3 billion annually on cyber.

“So, whether it’s $445 billion or six trillion, there’s only three billion in capital – that’s a significant gap. Essentially, companies are absorbing the losses for this,” said Trainor.

“That’s why I call cyber somewhat of a team sport, meaning that companies have to do a better job of protecting their network, the insurance industry has to bring more capital into the industry to cover the losses and government has to do a better job of disrupting it.”

Trainor emphasised the importance of having trusted advisers who could navigate what was becoming an increasingly complicated space.

“If cyber security’s very complicated, cyber insurance is equally complicated. The past is less indicative of the future in cyber. We don’t have 350 years of actuarial data to underwrite cyber risk – the threat evolves.

“Ransomware is a perfect example of how the threat has evolved over the last three years. It went from getting paid from a credit card or PayPal to now having to do the transaction entirely on Tor, which is an anonymised browser, and pay via a virtual currency,” added Trainor.