Leaders representing smaller nations might assume that cyber risk faced by their countries would be much lower than that for larger countries, such as the U.S. or Japan. This belief could be based simply on the number of reported cyber events and associated news coverage within their country. But recent cyberattacks have demonstrated that this view is mistaken. All countries face cyber risk, regardless of size.
On August 25, 2020, the New Zealand Stock Exchange (NZX) was brought offline due to a distributed denial of service (DDoS) attack from an unknown attacker. This attack was repeated over five days, resulting in multiple intermittent market closures. The NZX has since partnered with a leading IT service provider (Akamai) whose content delivery network services have effectively defended against subsequent DDoS attacks.
Earlier this year, RMS® monitored reports of cyberattacks in Australia, New Zealand, and numerous countries across Asia – both DDoS and ransomware attacks – demonstrating that no nation or corporation is immune to cyber risk. This raises the question as to whether cybersecurity is being taken seriously enough in New Zealand and other countries in the region.
RMS has reviewed publicly available information about these cyber events, and we conclude that they are in-line with our current models of cyber risk. In other words, they are not game-changers, but they do serve as a useful wake-up call.
Cyber Risk Is a True Global Peril
Making assumptions about a country’s cyber risk is dangerous. Cyber risk is a true global peril because it does not have the inherent geographic constraints that are prevalent in natural perils (e.g., hurricanes, flood, fire, etc.). Even if they have not experienced cyber losses recently, all regions and countries are at risk.
Here are some of the reasons why cyber is a global risk and applies to all nations:
- Increasing worldwide adoption of computers and automation: This increases the potential for economic loss due to cyberattacks.
- Commonality of software: Across the globe, we all use and rely on similar software and technology. Therefore, a vulnerability is usually a global vulnerability.
- Connectivity: The internet has helped us form a global economy but also makes us open to attacks from anywhere. We are all connected, everywhere.
- Threat actor adaptability and evolution: Cyberattack methods, tools, and strategies that develop in one country or region can be adopted by threat actors in other regions, either by direct imitation or by “supply chain” relationships.
- Increase in government regulation, oversight, and legal sanctions.
Because of these risk factors, the worldwide cyber insurance market is growing. In some countries, the forecast compound annual growth rate is greater than 20 percent. Cyber insurance market penetration has been greatest in the larger advanced countries, such as the U.S., but now smaller countries, such as New Zealand, appear to be entering a rapid stage of growth and market acceptance.
RMS Covers the Growing Global Risk
At RMS, we have built a comprehensive global cyber model, which is designed to allow clients to price affirmative cyber insurance risk as well as understand and measure the potential losses from a variety of systemic cyber events. This includes attritional, large, and catastrophic losses from data breaches, ransomware/malware, cloud outages, DDoS, and financial theft. The model utilizes the custom-built RMS Cyber Incident Database, containing data on hundreds of thousands of cyber losses and events, as well as significant academic input, counterfactual analysis, and scientific modeling.
To cover the growing global risk from cyber, the model has been specifically parameterized to support the U.S., Canada, the U.K., Germany, France, Spain, Australia and Japan. But it can also accommodate other nations using preset options to establish a level of risk for an individual country as yet unparameterized. It allows adjustments to accommodate for changing legislation or different policy forms and conditions. Using our fully customizable model, RMS is also able to work with clients individually to build a view to suit their needs.
With cyber risk on the rise in all nations, effective risk modeling can help grow strong cyber insurance markets to build resilience to this global threat.