In North America, what tendencies are putting companies at danger of cyberattacks?

Businesses in North America are facing new cyber risks this year due to developments in generative AI, the rise of ransomware, changes in regulations, and the intense US election season.

That’s because the 2024 Allianz Risk Barometer confirmed that cyber events continued to rank as the top worldwide risk for the third consecutive year.

The United States and 17 other countries rank cyber incidents as their greatest concern, while Canada ranks them second. Ransomware (53%), assaults on vital infrastructure and physical assets (53%), and data breaches (59%), according to a survey by Allianz, were the top three concerns of business leaders.

The head of cyber at Allianz Commercial North America, Tresa Stephens, expressed her disappointment that cyber risk remained the top priority. The rapid changes in cyber exposures are a direct result of the rapid rate of technological advancements, such as AI, and the need for the regulatory landscape to adapt to the ever-increasing volume and variety of technological uses.

Threat actors with monetary and political agendas are the real drivers of cyber events. Thus, more people will be inclined to engage in online illegal activities when economic conditions are poor or when geopolitical or sociopolitical conditions are difficult.

Will there be more “cat-and-mouse games” involving ransomware in 2024?
Businesses in the United States and Canada were understandably worried about the rise of ransomware in 2023. Allianz reports that the number of insurance claims associated with ransomware increased by over 50% in 2018 compared to 2022.

In my opinion, it’s not going anywhere anytime soon. Stephens did mention that ransomware activity has had its ups and downs in the past few years.

According to Stephens, a number of factors affect the “waxing or waning periods” of ransomware activity. One explanation is that cybercriminals are changing up their tactics as firms increase their spending on cybersecurity measures.

She went on to say that since “businesses catch up to the tactics,” threat actors then devise new methodologies to breach companies’ computer systems. So, if ransomware isn’t working, the bad guys may start using business email compromise instead, which would make that threat vector more prevalent. However, the game of cat and mouse keeps moving back and forth.

Stephens argues that cyber underwriters should be particularly wary of rising sociopolitical tensions in the months leading up to the US presidential elections.

During her election years, she told Insurance Business, “We don’t sleep as well.” She seemed to be speaking for most cyberunderwriters when she said this. Since there have been election years with almost no cyber-related activity, it is difficult to say at this time. On the other hand, some bad guys have political agendas, so there’s always a possibility that things will heat up in the run-up to elections.

The impact of generative AI on the cyber threat environment
Cybercriminals are now able to launch more agile attacks, thanks to the proliferation of generative AI tools.

Stephens warned that big language models like ChatGPT can profit from people’s mistakes.

Stephens states that threat actors can easily trick us with carefully chosen words using generative AI, allowing them to generate more effective malicious code and spread more significant phishing campaigns on a large scale. The stakes are raised in numerous ways by generative AI. A major variable is that threat actors can do it more quickly, efficiently, and cheaply.

Businesses should educate their employees about the dangers of cyberattacks fueled by artificial intelligence. Organizations can invest in solutions based on artificial intelligence and machine learning to ward off threat actors’ progress, and security awareness training is crucial for addressing evolved threats.

It’s hard to fight an adversary you’re not familiar with, Stephens remarked.

The cyber leader went on to say that companies may “fight fire with fire” by using AI tools to counter AI attacks.

AI is great at recognizing patterns, which means it can easily spot harmful relationships, according to Stephens.

The threat actors’ toolkits and applications that allow them to target businesses are also the ones that businesses can easily use to protect themselves against attacks. These tools will be used more frequently in the future to safeguard companies.