A brief introduction to Cybercrime

‍

Crime and illicit activities exist since the beginning of the law-based society as we know it. In recent times, crime has taken a step forward in the way that, following the evolution of technology and the creation of private information networks, crime organizations found this technological revolution as a new approach to commit illegal actions. Cyber crime has developed massively in the last few years, evidenced by several cyber attacks and scandals that took place, in the Wikileaks case.

‍

As Lazarus, cybercrime organizations intend to corrupt individual and collective networks, such as social media and bank accounts information systems. Hackers perform this activity, masters of computer handling and technological revolutionaries, that can work individually or for hacking organizations.

‍

In 2012, The Wall Street Journal estimated loss to cybercrime to be $100M(although other reports placed that figure nearer to $1bn); Lloyds believed it to be $400M in 2015. In June 2017 the FBI reported losses had risen 24% in 2016 alone. A fundamental problem is that much of cyber crime goes undetected,causing regulators and financial services companies to change quickly, updating regulations and systems to improve detection rates and slowdown what is increasingly proving to be a cash cow for criminals

‍

A recent case of cybercrime was the attack on SWIFT. Although it was stated that SWIFT provided a safe and reliable environment, numerous hacks against SWIFT have been reported over recent years, which has resulted in clients losing millions of dollars. Researchers have identified that a hacker group known as Lazarus was behind these hacks, linked strongly with North Korea. The attacks exploited vulnerabilities in member banks' systems as the hacks allowed attackers to gain control of the banks’ legitimate SWIFT credentials. What’s more, these hacks can also implant malware, which can remain hidden and allows a new resurgence of hacks later down the line. The hacks in 2015 and 2016 involved malware which issued unauthorized SWIFT messages which then concealed that the messages had even been sent. After moving the funds,the malware was designed to delete the database record of the transfers and basically leave the hackers to go undetected. A similar attack on Bangladesh’s central bank yielded $101m.

‍

As U.S National Archives & Records Administration mentioned, “60% of companies that lose their data will shut down within six months of the disaster [i.e cyberattack].” Firms are becoming more aware of cyber risk and how destructive it can be. As a result, the number of firms contacting cyber insurance companies has been increasing, and estimates suggest that the number will increase in the future.

‍

‍

Forecast for sales of cyber insurance in South America. Taken from the cyber insurance market report 2019-2029

‍

The role of Cyberwrite

‍

Given the volatile environment around cybersecurity and consistently enhanced technology, Nir Perry, Cyberwrite’s CEO and founder acknowledged a marketfailure in the cyber insurance industry, with its core in two great issues:

• Small and Medium-sized Businesses (SMBs) lack the capital to contact insurance companies and, consequently, the skills to defend from a cyber attack.
• The majority of insurance companies were not exactly “cyber experts”. Meaning that they lacked the technology to underwrite their customers with due accuracy and come up with the appropriate policy. So, they failed to provide assistance to their customers effectively.

‍

Therefore,in 2016, the Israeli company was founded to help insurance companies increase their sales through enhanced risk profiling, with a primary focus on SMBs. They are not,however, a cyber risk consultant nor a cyber insurance company. The company is financially backed by American and Israeli angel investors, as well as global investors and accelerators such as Citibank, Speed Invest, Plug and Play, and around 500 startups.

‍

Cyberwrite develops cyber-profiling with the aid of AI algorithms to institutions such as insurers or banks in order to assess a profile of cyber insurance risks and estimate the financial impact they are exposed to, while comparing with the benchmark in a one-page “human-readable” report. The report we used is in fact an actual report, only the company's name was changed due to confidentiality. So, their report is divided into three parts:

‍

Cyber Insurance Coverage scores: Cyberwrite compares the company's risk score with the industry benchmark. The higher the score, the better. In Hooli´s case,their risk policy score is relatively low. From the report, we can check how a large share of their risk score is explained by the lack of coverage regarding Business interruption, stolen records, and data loss.

‍

Describes the different types of cyber risk and compares with the industry benchmark.

‍

From this specific report, we can see how the high risk in industry [whichever industry Hooli belongs to] and the regulatory risk (risk that a change in laws and regulations will materially impact a business) are the major source of Hooli´s cyber risk. The risk is ranked from A [no risk] to E [extremely high risk].

Provides a financial impact assessment (FIA) of a possible cyberattack. Basically, it estimates in quantitative terms how much money the business has at risk. It also mentions the financial loss associated with each risk domain. The FIA is calculated through a simple questionnaire answered by the customer. Again, by checking Hooli´s FIA we can see how they can expect to lose from $100,000 up to $871,000 in case of a cyber attack. We can also check how a large share of this expected monetary loss is derived from the Regulatory expense. Which makes sense because, as we have seen before, Regulatory risk represents a large share of Hooli´s overall cyber risk.

‍

Based on this FIA, customers can estimate how much they should pay to its insurance companies, which, ultimately, increases cyber insurance sales.

‍

To prepare this report, all Cyberwrite requires is the company’s name and its website. They then collect data from millions of sources all over the Internet in order to estimate the risk associated with the customer.

‍

This is a break through in the cyber insurance industry, as it enables insurance companies to make amuch more accurate estimate of how much to charge, making this market more accessible to SMBs. As a result, Cyberwrite has already received some important awards such as the UK Embassy’s British Award for Innovation in 2018 and was named a Cool Vendorin Gartner’s category “Cool Vendors in Insurance, 2018” being one in four insurtechs ever to receive this nomination.

‍

Final comment

‍

All in all, the insurance market is growing at a fast pace. Big budgets have been invested to ensure market-leading insurers are positioned at the forefront of change. It is estimated that approximately $1.7bn was spent in insurtech in 2016. A previously known market as change-averse is now developing rapidly with the aid of monetary expenditure and big data, which improves the creation and constant update of insurance models tailored to each business, as is the case of Cyberwrite.We can expect a continuous evolution of insurtech that is likely to improve market conditions for small and medium enterprises to emerge and grow and for big companies to continue thriving without safety constraints.

‍

Students Authors: Tiago Rebelo, Filipe Ferreira, Tiago Duarte and Lourenço Paramés

‍

This content was originally published in The Awareness News.

‍