The increased implementation of supply chain IoT technology, the data explosion of the 5G landscape as well as our reliance on smart devices are all part of the modern digital transformation process of enterprises worldwide. With all of the potential opportunities that are on the prospective horizon, there comes inherent risks too. Here is a look at some of the growing risks and pertinent trends as interpreted by our experts.

The mobile communicate standard of 4G (LTE), with a data capacity of 1 gigabyte per second (Gbps) is in the process of phasing out. This is, of course, making way for the incredible leap to the 10 Gbps capabilities of the 5G network. This literal data explosion has the market for 5G and 5G-related network infrastructure expanding from around $528 million in 2018 to $26 billion in 2022. Due to the exponential growth of the industry in regard to 5G deployment over the next year as well as the expanding introduction of devices to 5G technology: the sheer surface area over which cyber-attacks can take place is becoming increasingly vast.

Even though the advanced ability to back-up or transmit massive volumes of data to cloud-based storage with the strength of 5G will bring many sought after advantages, it also creates new targets for attackers. In particular, the capability of IoT devices to bypass a central router when exchanging data make the devices more difficult to monitor as well as more vulnerable to direct attacks. This means that security that focuses on risk-driven results and resilience will have an increased priority as well.

Living in an Internet of Things (IoT) culture has redefined what it means to always be on. Smart devices are no longer only interpersonal communication devices but are now talking to each other as well – day in and day out.  This collaboration of mobile devices, voice-controlled digital assistants, unprecedented data collection and the delivery of cloud computing resources is bringing interconnectedness to a whole new level and is redefining the present-day supply chain in the process.

With this progress comes higher levels of complexity and increases in unsecured data exchange like never before. This advancement is bringing with it very real vulnerabilities to manufacturing processes and critical infrastructure. The potential for BI-losses has therefore risen as well. A vast network of devices and data transfer means that the origin of data leakage points is becoming more difficult to trace. An understanding of this new ecosystem is more necessary than ever. For businesses to navigate the IoT business of today and tomorrow, certain questions will have to be addressed to maintain risk resilience. The primary keys for moving forward are knowing where their devices are, what data is being generated, whether access to devices is legitimate and thus who needs to have access and why.

No matter if overall ransomware attacks will further rise or continue to decline like at the end of last year, ransomware variants that do strike are anticipated to be more refined in their approach. First of all, targeting in a variety of ways will increase. It is likely that a combination of traditional as well as mobile ransomware hacks combined with different threats being used in tandem, such as an amalgam of phishing, ransomware and cryptojacking. Secondly, while phishing and malware delivered by emails will remain the most frequent type of attack, ransomware targeting user devices and cloud may threaten infrastructure, bringing high impact insurance losses. Additionally disconcerting is that cybercriminals are expected to mature in their methods as well. By becoming more patient, watching and waiting, may mean less attacks with higher impacts. At the same time, the cybercriminal underworld is becoming more collaborative and is consolidating, creating fewer but stronger malware-as-a-service families which could lead to major disruptions and losses.

If currency prices are high in 2019, you can expect to see cryptojacking to become more popular than ransomware when it comes to cybercrime. By taking advantage of compromised computers, cryptojackers can leverage them with users being unaware until its too late. When the cryptojacking program is in full effect, it will use the computer’s CPU to mine cryptocurrencies elsewhere. Once this begins, a computer or network will slow its processing power to keep up with the mining efforts which can cause the system to falter and lead to sluggishness, overheating and potentially downtime. This could result in lost productivity and even a major blackout.

Cryptojacking can be a very attractive technique for hackers since it is more accessible to implement than other methods, the setup is less time consuming, it is harder to track than ransomware for example and, ultimately, it usually provides a bigger payout. There is no greater impact expected on the cyber insurance industry other than cryptojacking for 2019.

Legislation similar to the EU’s General Data Protection Regulation (GDPR) will be in effect at the beginning of 2020 for Canada, California and Brazil. Coinciding with this, Singapore and India are consulting to adopt data breach reporting regimes. Cloud regulation is also expected to increase globally, particularly in Russia and China. During this era of new legislation adaptation, highly-regulated enterprises will need to ensure that their 3rd party counterparts are compliant as well. There has been a recent surge in effort for risk owners and SMEs to understand legislation, but insufficient knowledge and resources have slowed down compliance. Based in part on the gap, experts expect reported data incidents according to the GDPR to have doubled by the end of 2019. For this reason, cyber insurers must remain diligent in the face of shifting regulatory approaches and supervisory practices.

Supply chain and service provider attacks are expected to grow in frequency as well as impact. Infiltrators will continue to seek out new and advanced opportunities to infect software and hardware along the entire supply chain. Experts agree that Breaches, Business Interruptions and Contingent Business Interruptions through 3rd parties will increase throughout the year. Most notably are scenarios in which malware is implanted into legitimate software packages (e.g. updates). This could occur during production at the software vendor or at a 3rd party supplier. Strikes to infect a hardware supply chain with compromised chips or added source code to the firmware will continue to increase as a risk. This high impact on insurance losses like Data Breach, BI and CBI will mean security assurances and existing SLAs (Service Level Agreements) will hardly help to cover severe scenarios. For this reason, BI insurance has never been more important than it is in 2019. By protecting against cyber-related losses, 3rd party and owned regulatory requirements, BI has become even more important than Data Breach protection in many cases. This points to a trend towards more standalone covers for SMEs that offer BI and higher limit agreements.

Regardless of geography or industry, cyber will continue to be a matter of staying informed and remaining risk aware. Munich Re is happy to provide you with the best solutions tailored to your specific needs by offering a broad range of pre- and post-incident services as well as the most forward-looking cyber covers, apps and underwriting platforms on the market.