Aon's Cybersecurity 2018 Predictions: Companies Will Make Major Enterprise-Wide Changes to Address Cyber Risk

NEW YORK, Jan. 8, 2018 /PRNewswire/ -- As cyber attacks increasingly threaten every aspect of business and grow in volume and scale, companies will be forced to take new measures to address cybersecurity risk holistically, integrating it more aggressively into their enterprise risk management, according to Aon's Cyber Solutions industry specialists in the 2018 Cybersecurity Predictions report. The report outlines a number of specific actions that Aon believes companies will take in 2018 to address cyber threats, as well as other cyber trends that it anticipates in the New Year.

"In 2017, cyber attackers created havoc through a range of levers, from phishing attacks that influenced political campaigns to ransomware cryptoworms that infiltrated operating systems on a global scale. With the growth of the Internet of Things (IoT), we have also witnessed a proliferation of distributed denial-of-service (DDoS) attacks on IoT devices, crippling the device's functionality," said Jason J. Hogg, CEO, Aon Cyber Solutions. "In 2018, we anticipate heightened cyber exposure due to a convergence of three trends: first, companies' increasing reliance on technology; second, regulators' intensified focus on protecting consumer data; and third, the rising value of non-physical assets. Heightened exposure will require an integrated cybersecurity approach to both business culture and risk management frameworks. Leaders must adopt a coordinated, C-suite driven approach to cyber risk management, enabling them to better assess and mitigate risk across all enterprise functions."

The 2018 Predictions look at the ways in which the increasing scale and impact of cyber attacks, coupled with companies having to accept more liability and accountability over cyber attacks, will lead to significant changes in the corporate landscape. The report predicts an expanding role for the chief risk officer (CRO), the importance of implementing multi-factor authentication, the increased threats from insiders, and an expansion of bug bounty programs in new sectors.

Highlights of the Predictions report include:

    --  Businesses adopt standalone cyber insurance policies as boards and
        executives wake up to cyber liability. As boards and executives
        experience and witness the impact of cyber attacks, including reduced
        earnings, operational disruption, and claims brought against directors
        and officers, businesses will turn to tailored enterprise cyber
        insurance policies, rather than relying on "silent" components in other
        policies. Adoption will spread beyond traditional buyers of cyber
        insurance, such as retail, financial, and healthcare sectors, to others
        vulnerable to cyber-related business disruption, including
        manufacturing, transportation, utility, and oil and gas.
    --  As the physical and cyber worlds collide, chief risk officers take
        center stage to manage cyber as an enterprise risk. As sophisticated
        cyber attacks generate real-world consequences that impact business
        operations at increasing scale, C-suites will wake up to the enterprise
        nature of cyber risk. In 2018, expect CROs to have a seat at the cyber
        table, working closely with chief information security officers (CISOs)
        to help organizations understand the holistic impact of cyber risk on
        the business.
    --  Regulatory spotlight widens and becomes more complex, provoking calls
        for harmonization. EU holds global companies to account over GDPR
        violation; big data aggregators come under scrutiny in the US. In 2018,
        regulators at the international, national, and local levels will more
        strictly enforce existing cybersecurity regulations and increase
        compliance pressures on companies by introducing new regulations. Expect
        to see EU regulators holding major U.S. and global companies to account
        for GDPR violations. Across the Atlantic, big data organizations
        (aggregators and resellers) will come under scrutiny on how they are
        collecting, using, and securing data. Under the burden of significant
        and ever increasing regulatory pressures, industry organizations will
        push back on regulators, calling for alignment of cyber regulations.
    --  Criminals look to attack businesses embracing the Internet of Things, in
        particular targeting a small to mid-sized company providing services to
        global organizations. In 2018, global organizations will need to
        consider the increased complexities when it comes to how businesses are
        using the IoT in relation to third-party risk management. The report
        predicts large companies will be brought down by an attack on a small
        vendor or contractor that targets the IoT, using it as a way into their
        network. This will serve as a wake-up call for large organizations to
        update their approach to third-party risk management, and for Small and
        Mid-sized Businesses (SMBs) to implement better security measures or
        risk losing business.
    --  As passwords continue to be hacked, and attackers circumvent physical
        biometrics, multi-factor authentication becomes more important than ever
        before. Beyond passwords, companies are implementing new methods of
        authentication - from facial recognition to fingerprints. However, these
        technologies are still vulnerable and as such, the report anticipates
        that a new wave of companies will embrace multi-factor authentication to
        combat the assault on passwords and attacks targeting biometrics. This
        will require individuals to present several pieces of evidence to an
        authentication instrument. With the new need for multi-factor
        authentication, and consumer demand for unobtrusive layers of security,
        expect to see the implementation of behavioral biometrics.
    --  Criminals will target transactions that use reward points as currency,
        spurring mainstream adoption of bug bounty programs. Companies beyond
        the technology, government, automotive, and financial services sectors
        will introduce bug bounty platforms into their security programs. As
        criminals target transactions that use points as currency, businesses
        with loyalty, gift, and rewards programs -such as airlines, retailers,
        and hospitality providers-- will be the next wave of companies
        implementing bug bounty programs. As more organizations adopt the
        programs, they will require support from external experts to avoid
        introducing new risks with improperly configured programs.
    --  Ransomware attackers get targeted; cryptocurrencies help ransomware
        industry flourish. In 2018, ransomware criminals will evolve their
        tactics. The reports predicts that attackers utilizing forms of benign
        malware--such as software designed to cause DDoS attacks or launch
        display ads on thousands of systems-- will launch huge outbreaks of
        ransomware. While attackers will continue to launch scatter-gun-style
        attacks to disrupt as many systems as possible, the report predicts an
        increase in instances of attacks targeting specific companies and
        demanding ransomware payments proportional to the value of the encrypted
        assets. Cryptocurrencies will continue to support the flourishing
        ransomware industry overall, despite law enforcement becoming more
        advanced in their ability to trace attacks, for example through bitcoin
        wallets.
    --  Insider risks plague organizations as they underestimate their severe
        vulnerability and liability while major attacks fly under the radar. In
        2017, businesses underinvested in proactive insider risk mitigation
        strategies, and 2018 will be no different. According to the report, a
        continued lack of security training and technical controls, coupled with
        the changing dynamics of the modern workforce, the full extent of cyber
        attacks and incidents caused by insiders will not become fully public.
        Many companies will continue to reactively respond to incidents behind
        closed doors and remain unaware of the true cost and impact of insider
        risk on the organization.

To download the full report, click here.

About Aon
Aon plc (NYSE: AON) is a leading global professional services firm providing a broad range of risk, retirement and health solutions. Our 50,000 colleagues in 120 countries empower results for clients by using proprietary data and analytics to deliver insights that reduce volatility and improve performance.

About Stroz Friedberg, an Aon Company
Stroz Friedberg, an Aon company, is a specialized risk management firm built to help clients solve the complex challenges prevalent in today's digital, connected, and regulated business world. A global leader in the fields of cybersecurity, with leading experts in digital forensics, incident response, and security science; investigation; eDiscovery; and due diligence, Stroz Friedberg works to maximize the health of an organization, ensuring its longevity, protection, and resilience. Founded in 2000 and acquired by Aon in 2016, Stroz Friedberg has thirteen offices across nine U.S. cities, London, Zurich, Dubai, and Hong Kong, Stroz Friedberg serves Fortune 100 companies, 80% of the AmLaw 100, and the Top 20 UK law firms. Learn more at https://www.strozfriedberg.com/.

Twitter: @StrozFriedberg
LinkedIn: https://www.linkedin.com/company/stroz-friedberg-llc

Stroz Friedberg Media Contacts:
Carolyn Vadino
Chief Communications Officer
cvadino@strozfriedberg.com
+1 917.402.5455

Miranda Tinsley
mtinsley@strozfriedberg.com
+ 1 917.238.2075

View original content with multimedia:http://www.prnewswire.com/news-releases/aons-cybersecurity-2018-predictions-companies-will-make-major-enterprise-wide-changes-to-address-cyber-risk-300578532.html

SOURCE Aon plc