In North America, what tendencies are putting companies at danger of cyberattacks?

Businesses in North America are facing new cyber risks this year due to developments in generative AI, the rise of ransomware, changes in regulations, and the intense US election season.

That’s because the 2024 Allianz Risk Barometer confirmed that cyber events continued to rank as the top worldwide risk for the third consecutive year.

While Canada ranks cyber incidents second, the US and 17 other countries prioritize them. According to Allianz, company leaders’ top three fears were ransomware (53%), attacks on key infrastructure and physical assets (53%), and data breaches (59%).

Allianz Commercial North America’s cyber head, Tresa Stephens, was disappointed that cyber risk remained the top focus. Changes in cyber vulnerabilities are being driven by new technologies like AI and the need for regulations to adapt to the growing amount and types of technology use.

Financial and political threats are the primary causes of cyber incidents. When the economy is bad or geopolitical or sociopolitical conditions are tough, more people will engage in online criminal activities.

Will there be more “cat-and-mouse games” involving ransomware in 2024?
Businesses in the United States and Canada were understandably worried about the rise of ransomware in 2023. Allianz reports that the number of insurance claims associated with ransomware increased by over 50% in 2018 compared to 2022.

In my opinion, it’s not going anywhere anytime soon. Stephens did mention that ransomware activity has had its ups and downs in the past few years.

According to Stephens, a number of factors affect the “waxing or waning periods” of ransomware activity. One explanation is that cybercriminals are changing up their tactics as firms increase their spending on cybersecurity measures.

She went on to say that since “businesses catch up to the tactics,” threat actors then devise new methodologies to breach companies’ computer systems. So, if ransomware isn’t working, the bad guys may start using business email compromise instead, which would make that threat vector more prevalent. However, the game of cat and mouse keeps moving back and forth.

Stephens argues that cyber underwriters should be particularly wary of rising sociopolitical tensions in the months leading up to the US presidential elections.

During her election years, she told Insurance Business, “We don’t sleep as well.” She seemed to be speaking for most cyberunderwriters when she said this. Since there have been election years with almost no cyber-related activity, it is difficult to say at this time. On the other hand, some bad guys have political agendas, so there’s always a possibility that things will heat up in the run-up to elections.

The impact of generative AI on the cyber threat environment

Cybercriminals are now able to launch more agile attacks, thanks to the proliferation of generative AI tools.

Stephens warned that big language models like ChatGPT can profit from people’s mistakes.

Stephens claims that generative AI can help threat actors develop more effective malicious code and launch larger phishing campaigns by exploiting carefully picked terms. In numerous ways, generative AI raises the stakes. A major variable is that threat actors can do it more quickly, efficiently, and cheaply.

Businesses should educate their employees about the dangers of cyberattacks fueled by artificial intelligence. Organizations can invest in solutions based on artificial intelligence and machine learning to ward off threat actors’ progress, and security awareness training is crucial for addressing evolved threats.

It’s hard to fight an adversary you’re not familiar with, Stephens remarked. The cyber leader went on to say that companies may “fight fire with fire” by using AI tools to counter AI attacks.

AI is great at recognizing patterns, which means it can easily spot harmful relationships, according to Stephens.

The threat actors’ toolkits and applications that allow them to target businesses are also the ones that businesses can easily use to protect themselves against attacks. These tools will be used more frequently in the future to safeguard companies.