By David Warr, Cyber Portfolio Manager for QBE Europe
Against a backdrop of a world more connected than ever before, businesses are increasingly dependent on integrating new emerging technologies. From AI-powered tools and cloud-based services and connected devices, the opportunities for rapid growth and increased efficiency are obvious. But this online interconnectivity and reliance on adopting the latest tech has a downside – an increased exposure to cyber risks.
QBE’s latest research highlights the increasing challenge faced by businesses, with annual global cyber-attacks predicted to double from 2020 to 2024[1]. This surge is being driven by the very technologies that businesses now rely on to operate, innovate, connect and compete.
The evolving risk landscape
As digital systems become more integrated into business operations, the potential vulnerabilities increase. Take cloud services, for example. Many companies have shifted their infrastructure to cloud-based platforms for flexibility and scalability. However, this shift has led cyber criminals to adapt their tactics, using new tools to target cloud systems. Cloud-based cyber-attacks that were once highly sophisticated are now accessible to lower-level cybercriminals, making the threat landscape more unpredictable and widespread. Employees are accessing business cloud infrastructure while hybrid working from home or on the move, often without the same cyber security measures available in the office.
Another rapidly growing area of risk is AI. The market for “AI-as-a-Service” is projected to skyrocket from $200 billion to $1.85 trillion in the coming years.[2] Many businesses will be racing to adopt AI services to not get left behind competitors, but in doing so may overlook new cyber risks that come with rapid adoption. For example, AI systems can be manipulated to form biases on data sets which can then be leveraged by bad actors. This accessibility to advanced AI tools also benefits cybercriminals, enabling them to carry out larger-scale attacks with greater speed and efficiency.
Interdependence and vulnerability
Technology’s interconnected nature has created a unique challenge of interdependence. Many businesses now rely on the same digital infrastructure tools, and third-party vendors, like Microsoft Office, Salesforce or Google Analytics. Larger tech vendors are also assumed to be safe, but there are always vulnerabilities like human error. A recent example is the CrowdStrike outage in July 2024. This single incident highlighted the fragility of interconnected systems, leading to an estimated $5.4 billion in damages among Fortune 500 companies and demonstrating how a single failure can have far-reaching consequences.
While the CrowdStrike incident was a technical error, it showcased the potential chaos if a similar disruption were driven by malicious intent. In the aftermath of the outage, cybercriminals exploited the situation with targeted phishing campaigns, emphasising how opportunistic and adaptive they can be.
Technological interconnectivity includes people too. Any employee connected to the internet could be exposed to phishing scams or similar cyber threats. Ransomware attacks have surged over recent years, with incidents in 2023 alone increasing by 74% compared to the previous year.[3] Moreover, ransomware incidents are no longer limited to financial gain. This trend underscores how profitable cybercrime has become, using simple techniques, and targeting companies across all sectors.
The cost of complacency and why preparation is key
QBE’s latest cyber research reveals a concerning trend: over a third of businesses lack an incident response plan, more than half (51%) of businesses are expecting a cyber event in the next 12 months, but despite these risks, a third (36%) said they do not have an incident response plan, and nearly half (43%) don’t have any form of cyber insurance[4]. Many companies might assume they’re too small, too niche, or not high-profile enough to be a target, but this perception is a costly mistake.
As technology advances, so does the complexity of cyber threats. Cybercriminals now have more opportunities to exploit vulnerabilities. For businesses, this means that cybersecurity can no longer be an afterthought. It needs to be embedded in every part of the operation—from the boardroom to frontline operations.
To navigate this evolving cyber landscape, businesses must invest in cyber resilience. This means understanding their unique risk profile, recognising that interconnectivity brings vulnerability, and proactively preparing for potential incidents. Developing a comprehensive response plan, regularly updating software and systems, and conducting regular threat assessments are essential steps.
[1] https://qbeeurope.com/news-and-events/press-releases/annual-global-cyber-attacks-double-from-2020-to-2024-qbe
[2] Unleashing the Power of AI in Financial Services: Opportunities, Challenges, and Implications, July 2024, International Journal of Advanced Research in Science Communication and Technology
[3] https://securityandtechnology.org/blog/2023-rtf-global-ransomware-incident-map/
[4] https://qbeeurope.com/news-and-events/press-releases/annual-global-cyber-attacks-double-from-2020-to-2024-qbe