Chubb outlines emerging cyber risks in the US

The first cyber risk trend listed by Chubb is the recent increase in Biometrics Information Privacy Act (BIPA) lawsuits. BIPA regulates the collection, use, storage, safeguarding, retention, and destruction of biometric identifiers (such as retina, iris, or fingerprint scans) and biometric information of employees and customers collected by companies. Chubb noted that biometric data regulation varies at state level and has been a focus of both US federal and international legislators and regulators. The insurer recommended that companies that utilise biometrics understand the legal requirements of each state and of the countries they operate in.

A newly detected ransomware called iEncrypt is the second cyber risk trend identified by the report. iEncrypt is typically spread using existing malware such as Dridex or Emotet, and is used to make mid-six to seven figure ransom demands off from its victims. Chubb has recommended that companies prepare malware detection and regular backups of their main systems, especially when ransomware can lead to costly business interruptions.

Financial institutions are also a prime target for bad actors, Chubb found in its report. Citing the Chubb Cyber Index, the insurer revealed that the median cost of a cyber incident has doubled for financial institutions in the past three years.

Chubb Cyber North America head Michael Tanenbaum commented that financial institutions were some of the earliest adopters of cyber security technology and training, but cyber criminals continually evolve in their methods – which means financial companies cannot grow complacent.

The report also noted that most cyberattacks are the result of human error, and thus preventable. In 2019, Chubb found that human error topped the list of cyber incidents – tied with hacking – accounting for 21% of cyber claims for the year. Phishing and other forms of social engineering was the third highest reported cyber incident for claims, at 18%.

“In general, financial institutions are at the cutting edge in terms of cyber security software and processes,” said Chubb Cyber Claims vice-president Anthony Dolce. “However, every day we see situations where one stray click on a well-targeted phishing email can result in losses of millions of dollars.”