Across the globe, our teams have observed these new cyber trends emerging over the past year, with many emerging over the past six months. These trends represent new developments in the cyber risk and security landscape and may have significant implications for both companies and consumers. Today, many cyber risks have become systemic. Such large-scale, rapid-fire attacks spread from one country to another. The globally disruptive cyber-threats of 2017 unite businesses and individuals around the world in a common endeavor to stay secure.
From helping companies adopt some of the world’s leading best practices for cybersecurity to consulting individuals on how to help protect their identities in the aftermath of large-scale data breaches, AIG can deliver unique perspectives that stem from our longstanding experience as a global leader in cyber insurance. As cyber risks around the world become increasingly interconnected, AIG can help its clients develop global cyber risk solutions and can deliver, through collaborative partnerships, the meaningful risk insights that enable stronger and safer outcomes.
1. 2017 Breaches May Be Turning Point for Consumer Cybersecurity in U.S.
The May 2017 WannaCry ransomware attack, which spread across 150 countries to affect over 200,000 victims, raised awareness in the U.S. of the urgent need to protect personal data.i In June, the U.S. Department of Health and Human Services (HHS) issued a warning regarding the continued effects of the attack on American healthcare operations. The WannaCry attack, which struck several large U.S. hospital networks spanning multiple states, revealed vulnerabilities in the systems that carry and protect individuals’ healthcare information. The self-replicating ransomware attack locked up data on hospital computers and even affected medical devices. In the immediate aftermath of the attacks, news media and cybersecurity specialists recommended cybersecurity best practices for healthcare organizations and individuals alike.
The mass data breach at consumer credit reporting agency Equifax, which may have affected up to 143 million Americans, may also amplify individuals’ interests in protecting their digital security. As one of the most severe data breaches in U.S. history due to the type of sensitive personal information releasedii —social security numbers and drivers’ license numbers, as well as credit card numbers, for example—the Equifax hack reveals the necessity of protecting consumer data. Following the attacks, risk specialists are delivering consumers much-needed strategies to help them manage financial and personal risks.
Data breaches reached companies and consumers in 2017. Wannacry targeted consumers, major corporations and organizations, including healthcare providers. Equifax targeted consumers, Equifax, U.U. credit reporting system. Wannacry affected 200,000 people across 150 countries. Equifax affected up to 143 million people in the U.S. Wannacry worked by locking users out of their own networks and holding data for ransom. Equifax worked by accessing personal files through a website application vulnerability.
The large-scale data breaches of 2017 show businesses the importance of implementing world-class cybersecurity training to help protect themselves and their employees, as well as the value of implementing world-class response plans to maintain relationships with consumers in the event that a cyberattack does succeed. Greg Vernaci, AIG’s Head of Cyber, U.S. and Canada, emphasizes that the disruptive, global cyberattacks of 2017 have shown organizations the necessity of protecting their complex supply chains from cyber vulnerabilities. “Most companies today understand that failing to protect their data from disclosure may lead to significant financial impacts, but recent incidents like NotPetya and WannaCry have raised more awareness for those same companies on how dependent they are on technology—and how interdependent they are on other companies to operate their business. Dependent business interruption and supply chain risk pose significant financial risk to organizations, and in some cases, those risks can exceed losing customer data.”
As they learn more about the outcomes of these attacks, American consumers may also face a changed cyber landscape—one in which protecting personal cybersecurity is an everyday, essential concern. AIG research indicated that in 2016, U.S. consumer insurance buyers did not anticipate cyber risks as a priority area for action. Of 15 risk areas, including the impact of globalization, terrorism, and natural disasters, consumer insurance buyers in the U.S. ranked cybercrime only in the ‘middle of the pack’ in terms of their concern and their likelihood to take action. As the cyber risk landscape continues to evolve, we may see Americans’ interest and investment in the urgent issue of cybersecurity deepen in 2017 and beyond.
2. Mexico Launches Public-Private Partnerships to Enhance Cybersecurity
The Mexican Federal Police force has signed a government agreement with Microsoft to share insights and develop new solutions for IT security. The public-private partnership follows Microsoft’s opening of a new cybersecurity center in Mexico City to help Latin American countries combat cybercrime. The goal of the Cybersecurity Engagement Center is to help train and develop cybersecurity specialists, including members of government and public institutions, to create a more “united front” to address cybersecurity challenges in Latin America.iii Specialists at the Engagement Center can work in international collaboration with specialists at Microsoft’s Cybercrime Center in Redmond, Washington on digital forensics, data analysis, and legal tactics to reduce cyber risks.iv The project is consistent with Mexico’s new $89 million national anti-cybercrime strategy, which aims to help protect the country’s infrastructure from cyberattacks and define strong guidelines for cybersecurity.v
The public-private partnership with Microsoft is one of several recent initiatives by Mexico to strengthen cybersecurity in collaboration with international businesses and governments. In 2016, the Mexican Federal Police Force partnered with Google for cybersecurity education. Government officials, as well as police cybercrime units from 11 Mexican states, participated in the training. In 2017, the Mexican Federal Police also established a partnership with Great Britain to create a “bilateral exchange of knowledge, experience, and best practices to combat cybercrime.”vi