

Cybercrime insurance is making the ransomware problem worse




During the COVID-19 pandemic, there was another outbreak in cyberspace: a digital epidemic driven by ransomware.

Several organisations worldwide fell victim to cyber-extortionists who stole data either to sell to other criminals or to hold to ransom for profit. The sheer number of attacks indicates that cyber security and anti-ransomware defences did not work or had limited effectiveness.

Businesses are turning to cyberinsurance companies in desperation to protect themselves from attack. But the growth of the cyberinsurance market is only encouraging criminals to target companies that have extortion insurance.

A 2021 study from the University of Leeds found there was a massive acceleration in major cyber-attacks on organisations during the pandemic. The paper also showed a “shift in offender tactics which scale up levels of fear in victims … such tactics include a shift towards naming and shaming victims, the theft of commercially sensitive data and attacks targeting organisations which provide services to other organisations.”

A report by global cybersecurity firm Sophos found that 66% of organisations surveyed, from across 31 countries, were hit with ransomware in 2021, up from 37% in 2020. The average ransom paid increased nearly fivefold to US$812,360 (£706,854). Insurance companies often opt to pay the ransoms that cybercriminals demand – 82% of UK companies pay up.

According to US think tank the Council on Foreign Relations, 22 countries are suspected of sponsoring cyberattacks, including the United States.

And a new black market in which cybercriminals provide products and services to other cybercriminals is flourishing and driving the surge in ransomware attacks. So-called ransomware-as-a-service allows everyone from teenagers to skilled amateurs to professional criminals to rent malware, encryption tools, and even Bitcoin wallets.

It is like a criminal renting a gun from another criminal who manufactured it.

In July 2020, three teenagers hacked Twitter. The attack resulted in the hijacking of 130 accounts – among them high-profile targets including Joe Biden, Barack Obama, Apple, Elon Musk and Bill Gates. The bitcoin accounts associated with their ransomware scam received more than 400 transfers totalling over US$100,000 (£87,000).

The past few years have seen a surge in specialist cybercrime insurance policies. The global cybercrime insurance market is predicted to grow from US$7 billion in gross written premiums (GWP) in 2020 to US$20.6 billion by 2025.

Insurers need to do more to discourage incompetent security practices. Car drivers must pass theory and practical driving tests. But cyberinsurance policies rarely audit the IT security of an organisation before the policy is finalised.

A standardised ISO norm (quality management standards internationally agreed by experts) for software did not exist until 2015. It means customers have no way of judging the security standards of anything produced before 2015. Even now, some of the risk assessments a piece of software would go through in its lifetime could be less rigorous than for the kettle in our home. And ISO testing is voluntary.

The market lacks understanding of large-scale, sophisticated, cyber-attacks. The insurance sector works by determining the probability of an incident happening and the impact it would have. The cyberinsurance market struggles to forecast the likelihood of cyber-attacks because changes in digital technology can be so unpredictable. Attackers’ capabilities and intentions shift rapidly.

Most insurers currently have no long-term data for cyberincidents or ransomware. This has led to underfunded cyberinsurance programs, which rely heavily on optimistic financial models.

As a result, it is getting more difficult to secure cyberinsurance as the growing number of claims is forcing valuers to be more discerning in the clients they accept. Lloyd’s of London released new rules in December 2021 stating that underwriters will no longer cover damage caused by “war or a cyberoperation that is carried out in the course of the war”.

Insurance premiums increased by 22% in 2020 and a further 32% in 2021 across 38 countries. The cost incurred by the business gets passed on to customers. The ransomware demand will contribute to the overall rise in living costs as ransomware costs are being passed on to the customers.

As part of my work with the Northern Cloud Crime Centre, I looked at the effectiveness of laws in the UK to regulate criminal activity in the Cloud. I found the cybercrime legislation in the UK has failed to keep pace with technological and market developments over the past 30 years. The Computer Misuse Act 1990 needs updating to make it more effective at policing cybercrime. If we cannot fix the situation, it will threaten jobs and investment in the UK.

Ransomware attacks are so effective because they exploit human weaknesses and organisations’ lack of technological defences.

Law enforcement authorities advise ransomware victims not to pay the ransom because it encourages further attacks and fuels a vicious cycle.

But prevention is the best solution. Organisations need to put more effort into developing security measures such as a multifactor authentication system. Managers also need to carry out penetration testing, where a cybersecurity expert searches for vulnerabilities in a computer system.

Businesses are legally obliged to have a fire plan in place. The time has come for mandatory ransomware and phishing resilience testing. The insurance industry needs to set minimum security requirements as part of the risk assessment. Organisations need greater transparency regarding what security they do and do not have in place.

Consensus is growing among researchers that solid cybersecurity can’t be achieved with technology alone because human errors are to blame for a huge number of incidents. The UK government is proposing new laws to regulate cybersecurity standards. But these laws won’t work if it doesn’t invest in public education about phishing threats.

Cybercrime insurance can help minimise business disruption, provide financial protection, and even help with legal and regulatory actions after a cyberincident. But it will not solve the problems that created the vulnerability to an attack in the first place.

Disclaimer: This asset – including all text, audio and imagery – is provided by The Conversation. Ticker News does not guarantee the accuracy of, or endorse any views or opinions expressed in, this asset.



Why ChatGPT’s latest update will be a game-changer for AI adoption



OpenAI has introduced new updates to ChatGPT, aiming for a more direct and concise conversational style.

  • GPT-4 Turbo is now available to paid ChatGPT users only.

  • “gpt-4-turbo-2024-04-09” will bring greatly enhanced writing, math, logical reasoning and coding.

  • “When writing with ChatGPT responses will be more direct, less verbose and use more conversational language,” OpenAI writes in a post on X.


These changes come in response to user feedback and a desire to improve the efficiency of interactions with the AI model.

Streamlined AI

The adjustments focus on reducing verbosity in ChatGPT’s responses, ensuring that the AI communicates with users more effectively.

By streamlining its language, OpenAI hopes to enhance user experience across various applications, from customer service chatbots to language learning platforms.

This move aligns with OpenAI’s ongoing efforts to refine its models and make them more adaptable to diverse communication needs.

“For example, when writing with ChatGPT, responses will be more direct, less verbose, and use more conversational language,” writes OpenAI on X.



Meta’s plans to hide nudity from Instagram DMs



Instagram, owned by Meta, announced plans to introduce features that will blur messages containing nudity in an effort to protect teenagers and prevent potential scammers from targeting them.

Meta’s decision comes amidst growing concerns regarding harmful content on its platforms, especially concerning the mental well-being of young users.

The technology giant has faced increasing scrutiny in both the United States and Europe, with accusations that its apps contribute to addiction and exacerbate mental health issues among adolescents.

According to Meta, the new protection feature for Instagram’s direct messages will utilise on-device machine learning to analyse whether an image sent through the service contains nudity.

This feature will be enabled by default for users under the age of 18, with adults being encouraged to activate it as well.

Meta said that because the image analysis occurs on the device itself, the nudity protection feature will function even in end-to-end encrypted chats, where Meta does not have access to the content unless it is reported by users.


Direct messages

Unlike Meta’s Messenger and WhatsApp apps, direct messages on Instagram are not currently encrypted.

However, Meta has stated its intention to implement encryption for Instagram’s direct messages in the future.

Additionally, Meta revealed that it is developing technology to identify accounts potentially involved in sextortion scams. The company is also testing new pop-up messages to alert users who may have interacted with such accounts.

This latest move follows Meta’s announcement in January that it would restrict more content from teens on Facebook and Instagram, aiming to reduce their exposure to sensitive topics such as suicide, self-harm, and eating disorders.

Meta’s efforts to enhance safety measures come amid legal challenges and regulatory scrutiny.

Attorneys general from 33 U.S. states, including California and New York, filed a lawsuit against the company in October, alleging repeated misrepresentation of the dangers associated with its platforms.



Fake AI law firms avert copyright for SEO gains



It’s been revealed that fake AI-driven law firms are resorting to sending fabricated DMCA (Digital Millennium Copyright Act) infringement notices to website owners.

These deceptive practices aim to generate artificial Search Engine Optimization gains through the manipulation of backlinks, casting a shadow on the integrity of online legal proceedings.

The issue was brought to attention when Ernie Smith, a prominent writer behind the newsletter Tedium, found himself targeted by one such fraudulent firm named “Commonwealth Legal.” Representing the “Intellectual Property division” of Tech4Gods, the purported law firm accused Smith of copyright infringement over a photo of a keyfob sourced from Unsplash, a legitimate photo service.

The firm demanded immediate action to add a credit link to Tech4Gods and threatened further legal action if compliance was not met within five business days.

However, a closer examination revealed glaring inconsistencies with Commonwealth Legal’s legitimacy.

Despite claiming to be based in Arizona, the firm’s website domain was registered with a Canadian IP location, raising doubts about its authenticity.

AI-generated faces

The attorneys listed on the website displayed eerie characteristics common to AI-generated faces, casting doubt on their existence.

Further investigation revealed that these fake law firms resort to such deceitful tactics to manipulate backlinks, which are crucial for improving a website’s search engine ranking.

Backlinks from reputable sites contribute to SEO, and fake firms exploit this to boost their clients’ online presence through artificial means.

The sinister nature of these actions extends beyond mere SEO manipulation.

They undermine the trust in legal proceedings and pose a threat to the integrity of online content. The emergence of AI-driven deception in legal matters underscores the need for vigilant scrutiny and robust measures to combat such fraudulent activities.


Copyright © 2024 The Ticker Company