Cyber criminal malice shifts away from Russia and Ukraine

The geopolitical hotspots for cyber criminal risk have shifted and a collaboration between insurance market players could help restore societal trust and, in turn, economic resilience.

Speaking exclusively to Insurance Times, CFC chief executive Andy Holmes said the cyber specialist’s data had shown a “change in the provenance” of cyber criminals.

And where Russia and Ukraine were previously “the source” of “a lot” of cybercrime, a “big part” of the activity has now “moved slightly further east” to China.

“They’re focusing on different parts of the world, so it might be the Asia Pacific area that sees more of the cyber criminal activity,” said Holmes.

And it’s not just CFC’s data that reflects those sentiments.

SecurityScorecard, for example, released its Cyber conflict and the erosion of trust: Introducing the Cyber Resilience Scorecard report at the World Economic Forum Annual Meeting last week (15 January 2024).

The report highlighted that 24% of cyber attacks originated from China, while the Russian Federation accounted for 15%.

Among the top ten industries affected by cyber breaches were financial services.

SecurityScorecard analysed cyber security hygiene scores across 6.3m entities situated in 189 counties across 17 geographic regions for the report.

Those were then combined with data from the International Monetary Fund’s (IMF) 2022 GDP per capita economic data.

‘Trust isn’t abstract’

However, SecurityScorecard highlighted in its report, a threat actor operating from a particular region does not mean that is where they are physically located – therefore, the “geography in question is host to operational infrastructure, which is often in the form of compromised information systems owned or operated by unwitting third parties”.

In terms of the threat actors behind the malicious cyber activity, SecurityScorecard pointed to just ten groups – who accounting for 44% of the incidents in its data holdings.

The most active threat actor in the dataset was the APT28 group, which was responsible for over 6.32% of incidents, followed by Cobalt Group at 5.8%.

“Cyber threats reach beyond physical and economic disruptions to undermine societal trust, particularly in governments and the economy,” the report said.

“Why does this matter on a global scale? Trust drives revenue in the private sector and engagement in the public sector. Trust isn’t abstract – you can earn and strengthen it.”

With cybercriminals’ shift of focus in mind, Holmes said CFC was now looking to “partner with established players in other markets, whether that’s Asia Pacific [or] continental Europe”, for example.

“We don’t necessarily want brand recognition. We are happy to be the intel inside behind these established insurers that have got a fantastic set of customers, fantastic history, but they aren’t long on cyber,” he added.

“We can give them essentially cyber in a box, [including the likes of threat analysis and incident response,] and enable them to sell it to their customers under their brand.

“What we get is a new set of cyber buyers who actually need the help because now their geography has been targeted by the criminals.”

CFC’s call for collaboration comes after a plausible risk scenario published by Lloyd’s of London in October 2023, which showed that a major cyber attack on financial services payments systems could potentially result in $3.5tn (£2.8tn) of global economic losses.

The three countries that would experience the highest five-year economic losses based on the model were the US at $1.1tn, followed by China and Japan.

Speaking at the time, Lloyd’s chairman Bruce Carnegie-Brown said: “The global interconnectedness of cyber means it is too substantial a risk for one sector to face alone and therefore we must continue to share knowledge, expertise and innovative ideas across government, industry and the insurance market to ensure we build society’s resilience against the potential scale of this risk.”