Connect with us
https://tickernews.co/wp-content/uploads/2023/10/AmEx-Thought-Leaders.jpg

Tech

Cybercrime insurance is making the ransomware problem worse

Published

on

Cybercrime insurance is making the ransomware problem worse.

During the COVID-19 pandemic, there was another outbreak in cyberspace: a digital epidemic driven by ransomware.

Several organisations worldwide fell victim to cyber-extortionists who stole data either to sell to other criminals or held it as a ransom for a profit. The sheer number of attacks indicates that cyber security and anti-ransomware defences did not work or have limited effectiveness.

Businesses are turning to cyberinsurance companies in desperation to protect themselves from attack. But the growth of the cyberinsurance market is only encouraging criminals to target companies that have extortion insurance.

A 2021 study from the University of Leeds found there was a massive acceleration in major cyber-attacks on organisations during the pandemic. The paper also showed a “shift in offender tactics which scale up levels of fear in victims … such tactics include a shift towards naming and shaming victims, the theft of commercially sensitive data and attacks targeting organisations which provide services to other organisations.”

A report by global cybersecurity firm Sophos found that 66% of organisations surveyed, from across 31 countries, were hit with ransomware in 2021, up from 37% in 2020. The average ransom paid increased nearly fivefold to US$812,360 (£706,854). Insurance companies often opt to pay the ransoms that cybercriminals demand – 82% of UK companies pay up.

According to US think tank the Council on Foreign Relations 22 countries are suspected of sponsoring cyberattacks, including the United States.

And a new black market in which cybercriminals provide products and services to other cybercriminals is flourishing and driving the surge in ransomware attacks. So-called ransomware allows everyone from teenagers to skilled amateurs to professional criminals to rent malware, encryption tools, and even Bitcoin wallets.

It is like a criminal renting a gun from another criminal who manufactured it.

In July 2020, three teenagers hacked Twitter. The attack resulted in the hijacking of 130 accounts – some of which included high-profile targets including Joe Biden, Barack Obama, Apple, Elon Musk and Bill Gates. The bitcoin accounts associated with their ransomware scam received more than 400 transfers totalling over US$100,000 (£87,000).

The past few years have seen a surge in specialist cybercrime insurance policies. The global cybercrime insurance market is predicted to grow from US$7 billion in gross written premiums (GWP) in 2020 to US$20.6 billion by 2025.

Insurers need to do more to discourage incompetent security practices. Car drivers must pass theory and practical driving tests. But cyberinsurance policies rarely audit the IT security of an organisation before the policy is finalised.

A standardised ISO norm (quality management standards internationally agreed by experts) for software did not exist until 2015. It means customers have no way of judging the security standards of anything produced before 2015. Even now, some of the risk assessments a software would go through in its lifetime could be less rigorous than for the kettle in our home. And ISO testing is voluntary.

The market lacks understanding of large-scale, sophisticated, cyber-attacks. The insurance sector works by determining the probability of an incident happening and the impact it would have. The cyberinsurance market struggles to forecast the likelihood of cyber-attacks because changes in digital technology can be so unpredictable. Attackers’ capabilities and intentions shift rapidly.

Most insurers currently have no long-term data for cyberincidents or ransomware. This has led to underfunded cyberinsurance programs, which rely heavily on optimistic financial models.

As a result it is getting more difficult to secure cyberinsurance as the growing number of claims is forcing valuers to be more discerning in the clients they accept. Lloyds of London released new rules in December 2021 stating that underwriters will no longer cover damage caused by “war or a cyberoperation that is carried out in the course of the war”.

Insurance premiums increased by 22% in 2020 and a further 32% in 2021 across 38 countries. The cost incurred by the business gets passed on to customers. The ransomware demand will contribute to the overall rise in living costs as ransomware costs are being passed on to the customers.

As part of my work with the Northern Cloud Crime Centre, I looked at the effectiveness of laws in the UK to regulate criminal activity in the Cloud. I found the cybercrime legislation in the UK has failed to keep pace with technological and market developments over the past 30 years. The Computer Misuse Act 1990 needs updating to make it more effective at policing cybercrime. If we cannot fix the situation, it will threaten jobs and investment in the UK.

Ransomware attacks are so effective because they exploit human weaknesses and organisations’ lack of technological defences.

Law enforcement authorities advise ransomware victims not to pay the ransom because it encourages further attacks and fuels a vicious cycle.

But prevention is the best solution. Organisations need to put more effort into developing security measures such as a multifactor authentication system. Managers also need to carry out penetration testing, where a cybersecurity expert searches for vulnerabilities in a computer system.

Businesses are legally obliged to have a fire plan in place. The time has come formandatory ransomware and phishing resilience testing. The insurance industry needs to set minimum security requirements as part of the risk assessment. Organisations need greater transparency regarding what security they do and do not have in place.

Consensus is growing among researchers that solid cybersecurity can’t be achieved with technology alone because a human errors are to blame for a huge amount of incidents. The UK government is proposing new laws to regulate cybersecurity standards. But these laws won’t work if it doesn’t invest in public education about phishing threats.

Cybercrime insurance can help minimise business disruption, provide financial protection, and even help with legal and regulatory actions after a cyberincident. But it will not solve the problems that created the vulnerability to an attack in the first place.

Disclaimer: This asset – including all text, audio and imagery – is provided by The Conversation. Ticker News does not guarantee the accuracy of, or endorse any views or opinions expressed in, this asset.

Continue Reading

Tech

Meta locks in NVIDIA GPUs with CoreWeave until 2031

Meta’s landmark deal with CoreWeave secures NVIDIA GPU access through 2031, reshaping the AI and cloud infrastructure landscape.

Published

on

Meta’s landmark deal with CoreWeave secures NVIDIA GPU access through 2031, reshaping the AI and cloud infrastructure landscape.


Meta has struck a landmark deal with CoreWeave, securing long-term access to scarce NVIDIA GPU capacity through 2031. This partnership has the potential to reshape the cloud and AI infrastructure race, giving Meta a powerful edge in an industry where compute power is now as valuable as capital itself.

Brad Gastwirth from Circular Technology joins to break down what CoreWeave offers that AWS and Azure don’t, and how this deal validates the rise of specialised cloud providers. With GPU scarcity at record levels, the move highlights the lengths tech giants will go to secure critical resources.

We also explore what this means for the AI supply chain, from hyperscalers to startups, and whether power availability is now as big a bottleneck as chips. Subscribe to never miss an episode of Ticker – https://www.youtube.com/@weareticker
:
#Meta #NVIDIA #CoreWeave #AI #CloudComputing #GPUs #TechNews #TickerNews


Download the Ticker app

Continue Reading

Tech

OpenAI completes $6.6 billion share sale at $500 billion

OpenAI completes $6.6 billion share sale at $500 billion valuation, cementing status as top private company globally

Published

on

OpenAI completes $6.6 billion share sale at $500 billion valuation, cementing status as top private company globally

video
play-sharp-fill
In Short:
– OpenAI’s $6.6 billion share sale allows employees to sell stock at a $500 billion valuation, up from $300 billion.
– The sale supports employee retention amid intense competition for AI talent without pursuing an IPO.
OpenAI has concluded a secondary share sale amounting to $6.6 billion, enabling current and former employees to sell stock at a valuation of $500 billion, as reported by Bloomberg.This valuation represents a significant increase from $300 billion earlier this year, indicating strong investor interest.

Banner

Reports indicate that OpenAI had initially authorised up to $10.3 billion for the share sale, although only about two-thirds of this was executed.

The offer was made to eligible employees who had held their shares for over two years, with participation starting in early September.

The recent share sale is OpenAI’s second significant tender offer in less than a year, following a $1.5 billion deal with SoftBank in November.

This transaction solidifies OpenAI’s position as the most valuable privately held company globally, surpassing SpaceX’s valuation of $456 billion.

Talent Competition

Intensified competition for AI talent has emerged, with companies like Meta reportedly offering substantial compensation packages to attract top researchers.

OpenAI is part of a trend among startups, including SpaceX, Stripe, and Databricks, utilising secondary sales to allow employee cash-outs while remaining private.

This strategy aims to retain talent and reward long-serving employees without pursuing an IPO.


Download the Ticker app

Continue Reading

Tech

What Saudi Arabia’s role in the Electronic Arts buyout tells us about ‘game-washing’

Published

on

What Saudi Arabia’s role in the Electronic Arts buyout tells us about image, power and ‘game-washing

Jacqueline Burgess, University of the Sunshine Coast

Video game publisher Electronic Arts (EA), one of the biggest video game companies in the world behind games such as The Sims and Battlefield, has been sold to a consortium of buyers for US$55 billion (about A$83 billion). It is potentially the largest-ever buyout funded by private equity firms. Not AI, nor mining or banking, but video games.

The members of the consortium include: Silver Lake Partners, an American private global equity firm focusing on technology; the Public Investment Fund (PIF), Saudi Arabia’s sovereign wealth fund; and the investment firm Affinity Partners, run by Jared Kushner, son-in-law of American President Donald Trump.

The consortium will purchase all of the publicly traded company’s shares, making it private. But while the consortium and EA’s shareholders will likely be celebrating – each share was valued at US$210, representing a 25% premium – it’s not all good news.

PIF acquiring EA raises concerns about possible “game-washing”, and less than ideal future business practices.

EA’s poor reputation

Video games are big business. The global video game industry is worth more than the film and music industries combined. But why would these buyers specifically want to buy EA, an entity that has won The Worst Company in America award twice?

It has been criticised for alleged poor labour practices, a focus on online gaming (even when it’s not ideal, such as in single-player stories), and a history of acquiring popular game studios and franchises and running them into the ground.

Players of some of EA’s most beloved franchises, such as The Sims, Dragon Age and Star Wars Battlefront II, believe the games have been negatively impacted due to the company meddling in production, and wanting to focus on online play and micro-transactions.

Microtransactions are small amounts of money paid to access, or potentially access, in-game items or currency. Over time, they can add up to a lot of money, and have even been linked to the creation of problem gambling behaviours. Unsurprisingly, they are not popular among players.

Current global economic stresses have affected video games and other high-tech industries. The development costs of a video game can be hundreds of millions of dollars. EA has reacted to its slowing growth by cancelling games and laying-off close to 2,000 workers since 2023. So a US$55 billion offer probably looked enticing.

Saudi Arabia’s investment spree

In recent years, the Saudi wealth fund has been on an entertainment investment splurge. Before this latest acquisition, PIF invested heavily in both golf and tennis.

It is a sponsor and official naming rights partner of both the Women’s Tennis Association rankings and the Association of Tennis Professionals rankings.

The wealth fund also helped establish the LIV Golf tour in 2022, in opposition to the Professional Golf Association (PGA). By offering huge sums of money, it was able to attract players away from the PGA. One player was reportedly offered US$125 million (A$189 million). This tactic worked; a merger was announced between LIV, the DPA (European golf tour) and the PGA (North American golf tour) in 2023, with PIF as the main funder.

PIF, via its subsidiaries, has also been acquiring stakes in other video game companies. For example, it is one of the largest shareholders in Nintendo, the developer behind Mario, and purchased Niantic (the company behind Pokémon Go) earlier this year for US$3.5 billion (A$5.3 billion)

Why does PIF want video game companies?

Live sport and video games have a few things in common: they are fun, engaging and entertaining. And being known for entertainment is good PR for a country that has been accused of human rights abuses.

PIF’s investment in sport has been called “sportswashing”: using an association with sport to counteract bad publicity and a tarnished moral reputation. Video games, with their interactivity and entertainment value, represent an opportunity for game-washing.

The fact EA owns many sports games’ franchises would also be a bonus, potentially allowing for further video game and sport collaboration. And the fact the video game industry is projected to keep growing globally makes it a good investment for an oil-rich nation looking to economically diversify.

Beyond game-washing concerns, we also need to pay attention to the type of buyout happening here. This is a “leveraged” buyout, meaning part of the purchase price – in this case US$20 billion (A$30 billion) – is funded as debt taken on by the company. So once the acquisition is complete, EA will have US$20 billion of new debt.

With all that new debt to service, it would only be natural to have concerns about more lay-offs, cost-cutting and increasing monetisation via strategies such as microtransactions. Ultimately, this would result in a poorer experience for players. It seems the more things change, the more they stay the same.The Conversation

Jacqueline Burgess, Lecturer in International Business, University of the Sunshine Coast

This article is republished from The Conversation under a Creative Commons license. Read the original article.

Continue Reading

Trending Now