Cyber attacks1 are increasing in frequency, sophistication and impact, with perpetrators continuously refining their efforts to compromise systems, networks and information worldwide.
The financial sector is one of the more prominent targets for such attacks, and recent incidents involving financial institutions in Bangladesh, Vietnam, South Africa, Japan and Ecuador demonstrate the absence of geographic constraints in cyberspace.
A survey compiled by Australian Prudential Regulation Authority (APRA) has found that 46% of insurers have suffered a cyberattack serious enough to warrant attention of executive managers.
Cyber security threats continue to evolve. Given the observed frequency of significant cyber security incidents, the range of threats and the prevalence of high risk cyber security findings, it is important that all regulated entities have an ongoing strategy to address the evolving forms of cyber risk states the information paper accompanying the survey report.
Across the financial sector, 21 per cent of survey respondents had been hit by a number of ‘potentially high impact’ incidents. These included ‘advanced persistent threats,’ where a network is broken into to steal information, and ‘denial of service’ attacks, aimed to bring down a website.
Is the insurance industry prepped for cyber attacks? https://t.co/mYXeAPGqkI pic.twitter.com/ansM6Lihi7
— Xchanging Insurance (@XchInsurance) June 14, 2016
Fourteen per cent of institutions had experienced ransomware attacks, or the use of malicious software to infiltrate a network and make data unreadable. One in eight institutions, on the other hand, had experienced reputation damaging incidents, such as website defacement and hacking of social media accounts. In response to increasing cyber security incidents, APRA flagged tougher scrutiny in this area, and advised boards and top managers to prepare well against cyberattacks.
APRA intends to lift the supervisory and regulatory expectations for regulated entities to not only secure themselves against cyberattacks, but to implement improved mechanisms to quickly identify and remediate successful attacks when they occur,” it said.