2024 Allianz Risk Barometer: Heightened Alarm on Cyber Threats

Since my career and role at Exeon revolve around understanding critical business issues and providing IT decision-makers and technical teams with the most secure solutions, I wanted to dive into the presented findings and talk about technology that could very well serve as a highly effective protection.

The Allianz Risk Barometer is a recurring study conducted on the most important corporate concerns for the year ahead, ranked by 3,069 risk management experts from 92 countries and territories.

Cyber incidents have surged to the forefront as the primary global risk according to the latest Allianz Risk Barometer.

In fact, in the latest study, published in January 2024, cyber incidents ranked ahead of business interruption and natural catastrophes, which took places 2 and 3, respectively.

Cyber incidents, including ransomware attacks, data breaches, and IT disruptions, along with the closely associated threat of business interruption in a rapidly evolving landscape, stand out as the foremost business risks worrying companies worldwide.

Cyber security also reaches this peak for the third time and for the second consecutive year, and by a significant margin: 36% of responses, five percentage points ahead of any other risk.

Redefining Risk: Cyber Threats Take Center Stage in Global Concerns

The survey by Allianz reveals a significant shift in global concerns. This trend is reflected across various regions and company sizes, marking the first time cyber threats have dominated the top spot universally. Notably, cyber-related disruptions pose the greatest fear for businesses, while ensuring cyber security resilience emerges as the most pressing environmental, social, and governance (ESG) concern.

The evolving landscape of cyber threats is a result of hackers and criminals leveraging advancements in technology. Artificial intelligence (AI) powered tools are now being employed to accelerate ransomware attacks, devise sophisticated malware, and craft convincing phishing emails and deep fakes. Such tactics are anticipated to proliferate throughout 2024, posing heightened risks to organizations across industries.

Michael Bruch, Global Head of Risk Advisory Services at Allianz Commercial, emphasizes the inevitability of cyber threats as businesses and economies increasingly rely on digital infrastructure. With nearly all facets of modern life intertwined with technology, the vulnerability to data breaches and disruptive cyber-attacks becomes pronounced.

The Allianz Risk Barometer identifies data breaches as the primary cyber exposure of concern, followed by cyber-attacks targeting critical infrastructure and physical assets, along with a surge in ransomware incidents. Against a backdrop of geopolitical instability and deepening dependence on digital systems, the potential for widespread disruption to critical infrastructure emerges as a looming threat, prompting heightened awareness among respondents.

What Does Your Management Think?

The good news in this regard is the significant increase in buy-in and involvement from upper management. In Europe, for example, the liability of managers for undetected cyber security incidents varies depending on the legal framework and industry. To establish a consistent regulatory framework, the NIS2 Directive and the Digital Operational Resilience Act (DORA) were introduced, outlining specific regulations for managers in case of cybersecurity breaches.

The NIS2 Directive has been in effect since January 17, 2023, and EU member states are required to implement it by October 17, 2024. Under it, managers can face personal liability for breaches, with potential sanctions including fines (up to €10 million or 2% of total turnover for Essential Entities and €7 million or 1.4% of total turnover for Important Entities) and/or managerial restrictions.

Organizations must undertake necessary measures, including training, risk assessments, implementation of cybersecurity measures, and incident reporting, to guarantee compliance. Failure to comply poses the threat of substantial fines, making adherence quite crucial.

For more on the cybersecurity liability topic that clearly reemphasizes the need for robust cyber protection, visit my colleague Michael Tullius’ blog.

Surprise: AI is the Answer

Numerous organizations are grappling with how to confront these threats. Alongside maintaining or upgrading the technologies and tactics used to protect their IT infrastructure, another crucial element emerges: the workforce. Employees represent the most vulnerable entry point for attackers, and a deficiency in strong security culture and awareness among employees markedly heightens the likelihood of cyber incidents.

So, given these “human” risks, from liability to the lack of cybersecurity professionals, how about turning towards automation, i.e. artificial intelligence (AI)? Are you already reducing human error in its various forms (such as the training on and use of new technologies to detect incidents, alert fatigue, lack of visibility into the infrastructure or network, etc.)?

For precise anomaly detection, AI becomes crucial. AI can foster a human workforce and do a lot of the complicated work for you and your team.

Additionally, I’d like to address the often-encountered fear of being replaced or substituted: it's not (only) about making things easier, but, as already mentioned, about creating time and space for the more important things away from the mindless routine. A machine can also do this!

Detect and Protect Automatically

Automated, precise AI-based anomaly detection (through, for instance, a solution like ExeonTrace) becomes crucial because it can identify and respond to threats more quickly and accurately than humans, reducing the risk of cyber incidents. Furthermore, it can handle, aggregate, and reduce even the largest volumes of data and complex patterns, making it more efficient and effective in maintaining cybersecurity.

So how does an AI-powered solution work? Well, ExeonTrace’s algorithms build a unified view from the metadata, allowing organizations to continuously analyze and monitor IT, cloud, and OT networks via a single application. This prevents attackers from moving undetected between these environments, exploiting vulnerabilities, infiltrating the infrastructure, or bypassing existing security measures.

ExeonTrace’s future-proof approach is based on metadata analysis and, therefore, does not require any traffic mirroring. Its AI algorithms are specially built for the analysis of encrypted data, which cannot be analyzed with traditional Network Detection & Response (NDR) solutions.

ExeonTrace also allows for the analysis of multiple data sources, including native cloud applications, and is therefore the leading solution for highly virtualized and distributed networks.

When I mentioned automation, I was also talking about the fact that no hardware appliances are involved, so the deployment and maintenance are a breeze. You will consequently achieve greater scalability effortlessly (hence allowing you to save time and rely on AI as I wrote above!).

It’s the most robust approach to detect even the most sophisticated cyber threats and eliminate them rapidly. And, to circle back to my first point at the start of this blog, it’s also why I am passionate about helping organizations through this threat detection tool. I care for what truly works! So, if you’d like to talk AI and automation or test it out for your infrastructure, reach out to me.

Author: Melissa Rabe, Senior Security Consultant

Email: melissa.rabe@exeon.com

Published on: 27.03.2024