This year has seen a worrying resurgence in ransomware and extortion claims as the cyber threat landscape continues to evolve, warns global insurance company, Allianz Commercial in a new report.
The report highlights that cyber breaches that are not detected and contained early can be as much as 1 000 times more expensive than those that are. Allianz Commercial analysis shows that early detection and response can stop a €20 000 loss from turning into a €20 million one.
Cyber claims frequency has picked up again this year as ransomware groups continue evolving tactics,” says Scott Sayce, Global Head of the Cyber, Allianz Commercial. “Based on claims activity during the first half of 2023, we expect around a 25% increase in the number of claims annually by year-end. The attackers are back, and focused again on Western economies, with more powerful tools, enhanced processes, and attack mechanisms.”
General Manager of SATIB Insurance Brokers, Natasha Parry, told Tourism Update that cyber risks seriously threatened the tourism industry. “Hackers can target your business and steal your customers’ personal and financial data, disrupt your operations, damage your reputation, and extort you for ransom.”
She points out that tourism business owners must take proactive steps to prevent and mitigate cyber risks. “Companies also need the right insurance to cover them in case of a cyber incident.”
Parry says cyber protection solutions are very affordable and highly sophisticated. There are many tools and services available that can help companies secure their data and systems, monitor risk exposure, and respond to any breaches or incidents.
A Global Data study, published in June, highlights that a company’s cybersecurity strategy must involve contingency planning, outlining immediate actions, post-breach responses, and understanding the company’s current cyber risks.
Furthermore, according to Global Data, as the digital ecosystems of travel and tourism companies grow, they become more vulnerable to cyberattacks. Data is most secure when all companies across the travel and tourism value chain invest in all layers of the cybersecurity value chain.
Why is the tourism industry vulnerable?
Parry says cyber risks are especially important for the tourism industry because tourism businesses collect and store a lot of sensitive data from their customers, such as names, addresses, IDs, passports, credit cards, travel plans, preferences, etc. “This data is valuable for hackers and can cause serious harm to customers if compromised.”
She adds that tourism businesses rely heavily on online platforms and systems for booking, payment, communication, marketing, etc. These platforms and systems can be vulnerable to cyber-attacks and cause operational disruptions and financial losses if compromised.
Furthermore, says Parry: “Tourism businesses operate in a highly competitive and dynamic market. They need to maintain a high level of customer satisfaction and loyalty. A cyber incident can damage their reputation and trustworthiness and cause them to lose customers and market share.”
What are cyber risks?
Cyber risks are any events that involve unauthorised access, use, or damage of electronic data or systems. Some common examples of cyber risks are:
- Phishing: This is when hackers send fraudulent emails or messages that look as if they come from legitimate sources such as banks, suppliers, or customers. They trick users into clicking on malicious links or attachments, or providing sensitive information, such as passwords or credit card numbers.
- Malware: This is any software that is designed to harm or disrupt a computer or network. It can include viruses, worms, trojans, ransomware, spyware, adware, etc. Malware can infect devices through phishing emails, malicious websites, removable media, or software downloads.
- Ransomware: This type of malware encrypts data or locks a system and demands a ransom for restoring access. Hackers can threaten to delete data, expose it publicly, or sell it to other criminals if users don’t pay the ransom.
- Data breach: This is when hackers gain unauthorised access to data and steal it, modify it, or delete it. They can use a company/individual’s data for identity theft, fraud, blackmail, or other malicious purposes. They can also sell data to other hackers or competitors.
- Denial-of-service (DoS) attack: This is when hackers overwhelm a company website or network with a large amount of traffic or requests, making it slow down or crash. This can prevent users from providing services to your customers, resulting in lost revenue and reputation.
EDITOR’S NOTE: Read tomorrow’s story on preventing and mitigating cyber risks and how insurance can assist.