Which Industries Are The Most Susceptible to Cyberattacks?

As the world finds itself in the grips of a “cyber pandemic,” businesses are scrambling to identify, mitigate, and transfer risk. Many kinds of cyberattacks are becoming more frequent, with ransomware-related incidents, in particular, increasing drastically over the last two years. That means cyber insurance premiums are spiking too, sometimes as high as 300%.No industry, even cyber insurance carriers, is immune from cyberthreats, but some do have a greater risk of exposure than others. Understanding these distinctions can help brokers and agents make more informed decisions.

[FREE CHECKLIST DOWNLOAD] How to Secure Cyber Insurance Capacity

Industries Most at Risk for Cyberattacks  

IBM's Security X-Force Threat Intelligence Index reports manufacturing is the most frequently targeted vertical within the private sector. In fact, one out of every ten global pharmaceutical manufacturers is at heightened risk of a ransomware attack. In the last two years alone, producers of everything from cars to candy corn suffered infiltrations of their networks. 

On May 30, 2021, for example a Brazil-based meat processing company known as JBS suffered a cyberattack that disabled its beef and pork slaughterhouses. The attack temporarily shut down operations in throughout the United States, Canada, and Australia. JBS paid $11m in ransom to resolve the threat.  

The second-most targeted industry is professional, financial, and business service firms. Dealing with vast quantities of valuable proprietary information, these enterprises are highly appealing targets to criminal hackers pursuing monetary gain. 

According to the Verizon Data Breach Investigations Report, public sector organizations suffered numerous documented breaches in 2021. This is unsurprising given heightened geopolitical tensions and the sophistication of state-sponsored hackers from countries like Russia, China, North Korea, Iran, and more.

Healthcare and mining companies also suffered breaches more frequently than others in 2021. Given that they handle sensitive data and have a significant physical component to their operations — with profound safety implications should hackers strike — they are likely to remain a target for cyberattacks.

In this challenging environment, what can brokers and agents do?

First, they should leverage the same tools carriers use to set premiums. These tools consider characteristics such as the client’s industry and other factors can substantially impact coverage. Carriers are constantly striving to update their risk models and capitalize on advanced analytical platforms that pull data from — among other sources — cybersecurity rating tools.

Second, brokers and agents can better understand the market and communicate with their clients with the basis for pricing decisions in mind. Different organizations will have different levels of cybersecurity maturity, risk tolerances, and operational requirements. Combining these factors will drive their decision-making process when purchasing insurance coverage.

Finally, brokers and agents should be familiar with the insurtech market, specifically electronic placement solutions. Delivering instant quotes via an application programming interface (API), dynamically updating customer proposals based on the latest information, and facilitating rapid and clear differentiation between various insurance product offerings are vital to keeping track of today’s dynamic and rapidly shifting cyber risk landscape.

Staying abreast of the latest developments in cybersecurity, including which industries are likely to be hardest hit by digital attacks, is rapidly becoming a non-negotiable job requirement. 

Knowing where to look for the latest information regarding sector-specific risk profiles and how to deliver up-to-date instant quotes to clients will soon be mandatory skills for those who want to succeed in the insurance world. Only by doing so can brokers and agents serve their customers effectively while at the same time avoiding being caught on the wrong side of a cyberattack.