Cyber Warfare is an Escalating Threat in 2024, says New Report by Flow

Cyber Warfare is an Escalating Threat in 2024, says New Report by Flow
The increasing prevalence of cyber warfare and nation-state attacks poses significant risks in 2024 and  policies must evolve to address these issues, according to a new industry report by Flow.

The increasing prevalence of cyber warfare and nation-state attacks poses significant risks in 2024 and  policies must evolve to address these issues, according to a new industry report by Flow.

The Cyber Insurance Mid-Year State of the Market Report reveals that Increased competition has softened the market, lowering rates and expanding policy offerings compared to the tougher times of 2020-2022, but that cyber warfare is an escalating threat.

The report notes that some policies may exclude coverage for acts of cyber warfare or terrorism. It’s important to review these exclusions and consider policies that offer coverage extensions or carve backs. Recent notable attacks against public utilities include:

  • Hacktivist Attacks on Water Utilities (November 2023): The hacktivist group CyberAv3ngers compromised programmable logic controllers (PLCs) at water utilities in North America, Europe, and Australia. They disrupted water services for two days in at least one community by exploiting default passwords and internet-exposed OT devices.
  • Chinese State Hackers Infiltrating U.S. Water Systems: Chinese state-backed hackers have infiltrated U.S. water facilities, raising concerns that Beijing could disrupt critical infrastructure during conflicts.
  • Russian Hacktivist Attempt on Texas Utilities (Early 2024): A Russian-linked hacktivist group attempted to disrupt operations at several water utilities in Texas earlier this year.

Speaking to Insurtech Insights, David Derigiotis, Head of Insurance for Flow, said: “This critical coverage is important but does not carry the same weight across all industries. Government and other critical infrastructure clients, along with Fortune 500 organizations, will be at a heightened risk for these attacks compared to everyday businesses. This is not to say that a traditional SMB could not become part of the collateral damage from a broader nation state attack, however policy cost must be balanced with the overall value that the insurance is providing.”

Davis Derigiotis

Market Surge

The report also highlights a number of other challenges, including the fact that the global cyber insurance market surged from $16.66 billion in 2023 to $20.88 billion in 2024. It’s projected to hit $120.47 billion by 2032, showing a robust 24.5% annual growth rate. This rapid expansion underscores the rising need for cyber coverage in today’s digital world.

Insurers are now leveraging advanced technological tools to assess risks and offer cybersecurity services alongside insurance. This new blend provides a holistic approach to cyber risk management. Retail agents have a prime opportunity to cross-sell and introduce cyber insurance to first-time buyers, with huge growth potential.

Derigiotis said the need for balance was critical: “The insurance industry will need to balance the continued growth and demand within this segment with the evolving nature of cyber risks if it is to remain competitive and profitable at the same time. Continuing to enhance the availability of risk management services for policyholders, addressing supply chain risks and ransomware (CDK, Snowflake, etc. as recent examples), and having a well-balanced portfolio of clients (higher risk/lower risk) will ensure longevity.”

He noted that the new risk landscape requires companies to take a multi-layer approach to protection.”To effectively reduce their cyber risk, companies should prioritize a multi-layered approach which is critical for effective security. Start by implementing meaningful risk management procedures, including regular vulnerability scanning, security assessments and understanding the organization’s digital footprint. Conduct thoughtful employee training on cybersecurity best practices-these services can often be included as part of a cyber insurance offering.”

Derigiotis said that companies need to:

  • Develop and regularly test incident response plans
  • Leveraging AI and machine learning for advanced threat detection and response capabilities. 
  • Develop a timely patching cadence for known vulnerabilities. Many of the most damaging security incidents arise from basic security failures.
  • Implement multi-factor authentication across all systems and privileged users. 
  • Secure the software supply chain and prepare specifically for ransomware attacks. 
  • Make sure vendor agreements have a notification requirement for unauthorized access or other security incidents. 
  • Stay informed about emerging threats through regular threat intelligence monitoring. 

He concluded: “Finally, consider appropriate cyber insurance coverage to transfer some financial risks. By focusing on these key areas, companies can significantly improve their cybersecurity posture and resilience against evolving threats.”

Reporting by Joanna England

Share this article: