An annual Allianz SE survey of top risks to organizations has again found that businesses are most concerned about cyber events, for the third year in a row now.
Conducted in late 2023 to gauge feelings about the top risks going into the new year, the global survey includes respondents in 92 countries and has over 3,000 participants. Cyber events shot to the #1 spot in this survey for the first time in 2018, and since then have been at or near the very top of business concerns every year.
Top risks for 2024: Cyber events, business interruption, natural disasters
The 2024 Allianz survey set at least one new record for its thirteen-year history: this is the first time that every size of business reported cyber events as their leading concern.
Small-to-medium businesses did not always rank the category this highly, but seem to be feeling more heat from hackers as their larger counterparts take defense and recovery more seriously. When these businesses exist in the supply chain of a larger entity, they are also often seen as the softest potential entry point. But the survey highlights one other new development: smaller businesses are feeling more financial pressure to outsource their IT services.
The second entry on the top risk list, business interruption, is strongly intertwined with cyber events. A good concrete example of this is the recent attack on MGM, which refused to pay a ransom demand and then spent weeks cleaning up assorted “technical difficulties” at its Vegas casino-hotel properties. The only other category that approaches these two concerns is the prospect of natural disasters, fueled mostly by another banner year for wildfires and a record-setter for damage caused by thunderstorms.
Ransomware, personal device security drive worries about cyber events
The Allianz survey dives into detail about exactly what cyber events are keeping companies up at night. Unsurprisingly, the biggest concern is data breaches. But organizations are also highly concerned about the willingness of hackers to attack critical infrastructure, and to make attempts to cause physical damage to real-world assets.
Ransomware is also still one of the biggest concerns. Ransomware-as-a-service outfits have been a problem for some years, but the barriers to entry for their clientele are now even lower as they provide expanded bundles of technical services. In some cases, the ransomware part is simply being dropped. As organizations improve their awareness and backup recovery capability, some of the gangs have decided to simply steal and extort data instead.
The rise of AI tools is also feeding a rise in cyber crime. Attackers can automate more of their workflow, and use tools to assist in creating code and improving their phishing messages among other functions. Deepfakes are also becoming more convincing, and are increasingly employed in an assortment of scams and fraud.
But perhaps the biggest driver of concern about breaches is the new culture of remote work. Begun by necessity during the pandemic, many employees are now insisting on it as the “new normal.” That means an increasing convergence of personal and work devices that has not been a net positive for cybersecurity, presenting criminals with many new pathways into company networks. Cyber events can even begin with a lookalike mobile app download from the official Google and Apple app stores.
There are, unfortunately, no simple short-term answers to eliminate these threats. Cyber events are also considered the top risk because of the ongoing cybersecurity workforce gap, caused by demand continuing to outpace the amount of new qualified professionals each year (and not projected to change direction in the near term).