Cyber risks surge –are organisations prepared?

IN Partnership with

Ransomware, phishing and AI-generated deepfakes are all circling and waiting to strike. Delta Insurance discusses the latest emerging cyber threats and the state of preparedness among New Zealand organisations

THE CYBERSECURITY landscape has grown increasingly complex in 2024. New technology is emerging, and attackers are constantly refining their methods, demanding a more sophisticated response from New Zealand organisations. Speaking to Insurance Business, Delta Insurance senior liability underwriter and cyber product lead Joanna Quigan offers insights into the evolving nature of cyber threats, including the rise of AI-driven risks, and highlights essential cybersecurity practices for organisations.

Delta Insurance was established in 2014 to answer the call for insurance in new or specialised areas, with exceptional customer service – all underpinned by transparency and integrity. Today, Delta Insurance covers over 30,000 risks in New Zealand, Singapore and Australia and is proud to have won ANZIIF’s Insurance Underwriting Agency of the Year award for the last five years for its continued focus on customers.

Find out more

“As new technology advances and cyberattacks become more sophisticated and costly, it’s crucial for organisations to adopt a proactive and layered approach to cybersecurity”

Joanna Quigan, Delta Insurance

“As new technology advances and cyberattacks become more sophisticated and costly, it’s crucial for organisations to adopt a proactive and layered approach to cybersecurity,” Quigan says. For companies, this starts with the basic, tried-and-tested security measures. Strong cyber hygiene practices such as multi-factor authentication (MFA), patch management and secure backups are all vital to a strong cybersecurity foundation. The use of endpoint detection systems, which monitor networks and devices for malicious activity, is equally important. However, while technical measures are vital, Quigan highlights that the “weakest link” in cyber resilience always remains the same – people and human error. This means that ongoing training on the latest cyber threats, phishing simulations and testing are vital to keep cybersecurity front of mind. Beyond day-to-day operations, Quigan stresses that boards of directors should play a hands-on role in overseeing their organisations’ cybersecurity risk posture. Cyber risks can no longer be left solely to the IT department – they are a governance issue that can impact the entire business. “Boards of directors must ensure they maintain appropriate oversight of the cyber risk posture of their organisations,” she states. “Lastly, consider purchasing cyber insurance to form part of your organisation’s broader risk management strategy,” Quigan adds. “This will help mitigate and protect against the financial and operational impacts of a cyberattack, should an incident occur.”

AI isn’t just helping us write reports and cover letters – it is also quickly emerging as a significant cybersecurity threat. Quigan notes that this can take many forms, including phishing, malware deployment and credential harvesting. One particularly concerning trend is the use of AI-generated deepfakes – false media like videos and audio that impersonate individuals to carry out phishing scams. Ransomware has also remained a prevalent issue. Recent global statistics show that while there has been a decline in successful ransomware attacks in 2024, the severity of the incidents has increased. However, the good news is that resilience to

attacks is increasing, and fewer companies are suffering major financial or data losses.

“As organisations continue to invest in cybersecurity to strengthen their cybersecurity posture, this has resulted in a decline in ransomware payments, as organisations are able to recover lost or encrypted data through their backups and avoid paying the ransom,” Quigan says. Another key threat is business email compromise, where cybercriminals gain unauthorised access to email accounts, often leading to fraud, such as invoice manipulation. Quigan emphasises the role of MFA in preventing such attacks. “Multi-factor

“Ensuring that accumulation risk is managed carefully is critical for the long-term sustainability of the cyber insurance market”

Joanna Quigan, Delta Insurance

To stay resilient and prepare for potential future disruptions, Quigan emphasises the importance of strong disaster recovery and business continuity plans. Regular testing of these plans, collaboration with third-party vendors and assessment of potential vulnerabilities are all essential steps in building resilience against large-scale cyber events and unplanned outages, like the CrowdStrike outage. Cyber insurance also continues to play a vital role in security efforts. Quigan notes that the market has shifted towards ‘softer’ conditions in 2024, largely due to an improvement in

cyber hygiene across businesses, as well as advancements in underwriting technology. “Still, ensuring that accumulation risk is managed carefully is critical for the long-term sustainability of the cyber insurance market,” Quigan says.

Emerging threats of 2024

Importance of proactive approach

Lessons from 2024

Published 07 Oct 2024

Importance of a proactive approach

Lessons from 2024

As businesses continue to adapt to new and emerging threats, recent high-profile cyberattacks have thrown light on some valuable lessons. CERT NZ’s Cyber Security Insights Report for Q2 2024 shows that while the number of cyberattacks has decreased, financial losses from successful attacks have grown. Quigan says this is due to the increasing sophistication and scale of attacks, and this underscores the importance of ongoing vigilance. One notable example of a recent large-scale incident is the 2024 CrowdStrike outage. Caused by a faulty software update, this incident resulted in approximately 8.5 million systems crashing and worldwide financial losses of around US$10 billion. Considered one of the largest outages in the history of IT, it is a stark example of how one mistake can cause a catastrophic level of disruption and loss.

As cyber threats continue to become larger in scale, more sophisticated and more ambitious, businesses need to adopt a multilayered approach to cybersecurity. Focusing on good cyber hygiene, employee training and proactive risk management strategies – such as cyber insurance – organisations can better protect themselves against the financial and operational consequences of an attack. The human element is also vital, and regular education and awareness training remains a cornerstone of cybersecurity efforts. To find out more about the state of cybersecurity in 2024, and how Delta Insurance helps protect organisations against cyber threats, click here.

Staying prepared

Specialty

Best in Insurance

Resources

Risk Management

News

RSS

Sitemap

About us

Conditions of Use

Terms & conditions

People

Direct financial losses up 3% from Q1

Impact of cyberattacks in New Zealand, Q2 2024

28% of incidents reported a financial loss

authentication is key to tightening security, especially in cases where credentials may have been compromised,” she says.

Reported incidents down 22% from Q1

Source: CERT NZ Cyber Security Insights Report, Q2 2024

Cyber incidents affecting NZ organisations, Q2 2024

32% Phishing and credential harvesting

18% Unauthorised access

12% Website compromise

23% Other

15% Scams and frauds

Source: CERT NZ Cyber Security Insights Report, Q2 2024

Emerging threats of 2024

Lessons from 2024

Specialty

Best in Insurance

Resources

Risk Management

News

RSS

Sitemap

About us

Conditions of Use

Terms & conditions

People

Specialty

Best in Insurance

Resources

Risk Management

News

Importance of proactive approach

Staying prepared

RSS

Sitemap

About us

Conditions of Use

Terms & conditions

People