Cyber Trends Report 2021 MENA


Seven Key Cyber Risk Trends 2021
Helping organisations focus their cyber risk resilience planning

Contents

Introduction
Trend 1: Remote working
Trend 2: Ransomware
Trend 3: Internet of Things (IoT)
Trend 4: Critical Infrastructure
Trend 5: Hyperautomation
Trend 6: Cryptocurrency
Trend 7: Increased attacks against Managed Service Providers (MSPs) and their community
Where to from here
Learn more

In this report, Marsh outlines seven emerging key cyber trends to keep an eye on, which are
expected to continue into 2022 and make a key impact on the cyber risk landscape. We hope
these trends will provide useful insights to help inform and shape organisations’ cyber risk
resilience planning and information technology strategies.

Pandemic expands cyber threat landscape and accelerates pace of cybercriminals

Although organisations and governments around the world have been expecting rapid evolution of the cyber risk landscape for some years, never has the threat been more confronting and pace more rapid than it is today. New and significant cyber events seem to dominate news headlines on a weekly basis, with each having the potential to impact thousands of companies around the world.

Making its mark on the world since 2020, the pandemic created a rapid shift in working environments. Under enormous time pressure and constraints, companies had to rapidly adapt to changes in the way they conducted business and the way their employees worked. Widespread remote working and hybrid environments allowed many businesses to continue to operate through the uncertainty of 2020. However, as employees began accessing company networks from new locations and new devices, outside of more secure corporate IT environments, these inadvertently created new potential points of entry for threat actors to exploit.

The Fourth Industrial Revolution (4IR) has brought advances like Artificial Intelligence (AI), 5G, Internet of Things (IoT), hyper-automation and cloud-delivered solutions. These have significantly improved the efficiency and effectiveness with which companies can deliver products and services, and have provided great benefits for consumers who have adopted them. However, these technologies have also had the unintended consequence of creating a dynamic cyber threat landscape. The pace of technological advancement in the modern world may be exciting, but it is equally matched by the speed with which threat actors can find ways to exploit vulnerabilities for financial or political gain. This creates significant challenges in planning for the defence of such attacks.

Cyber criminals remain determined and opportunistic in their search for vulnerabilities to exploit, regardless of the consequences this may have on organisations and any broader implications or flow-on effects.

Trend 1: Remote working
COVID-19 has changed the way we work. This shift to remote working – well after the height of the pandemic
last year – has heightened the risk of businesses being exposed to data breaches due to endpoint vulnerability.

Endpoint vulnerability refers to a weakness in the protection of any device that can connect to a computer network, such as a laptop or smartphone, which can be exploited by a threat actor. Most businesses would typically have a form of endpoint protection in place, such as antivirus software or firewalls. However, with threats becoming more advanced, and the number and types of endpoints dramatically increasing as a result of the transition into work-from-home environments, traditional antivirus tools alone are no longer sufficient protection for organisations.

As we head into the second half of 2021, we expect to see more frequent and sophisticated endpoint attacks, with threat actors targeting remote workers and their mobile devices. To help strengthen their cyber security posture in these circumstances, businesses should consider taking steps such as the following.

Some practical steps for companies:

1. Be aware of endpoint protection. Identify endpoints and ensure devices meet the appropriate level of compliance with security standards.
2. Where possible, limit the use of personal devices for work purposes or for reviewing sensitive information.
3. If utilising personal devices is unavoidable, ensure software updates are implemented and patches are up to date on those devices.
4. Re-evaluate your endpoint security strategy. If only traditional antivirus tools are being used, consider investing in modern endpoint detection and response tools that incorporate behavioural analysis and real-time response capabilities, which can scan for malicious activities and resolve them automatically.

Endpoint protection comes in many different forms and levels of effectiveness. Following COVID-19, many businesses are adopting permanent flexible working models going forward to support a sustainable work-life balance for their employees. Remote working is not simply a temporary shift, but likely to become a permanent feature in organisational culture. Endpoint protection will therefore be a key security measure for companies to focus on as part of their cyber risk planning.

Trend 2: Ransomware
According to the Global Risk Report 2021, COVID-19 has accelerated the 4IR, expanding the digitisation of human
interaction, e-commerce, online education and remote working. With this significant reliance on technology it is
no surprise that incidents of ransomware increased materially last year, and they remain a prevalent feature of
the cyber threat landscape today. Malicious parties continue to exploit weakened technology networks created
by the shift to remote working, and unscrupulously take advantage of the heightened anxiety in society to lure
potential victims through pandemic themed emails.

There is no doubt that we are in a ransomware epidemic. The escalation in attacks involving higher ransom payment demands and increased business downtime have significant financial and operational impacts to companies. Hiscox’s 2021 Cyber Readiness Report showed that 58% of the organisations surveyed who were targeted by a ransomware attack elected to pay the extortion demand, to either recover data or to prevent publication of sensitive information.

Emerging themes in ransomware attacks:

1. Double extortion attacks – In instances where an organisation’s client personal information had been compromised, in addition to demanding a ransom from the primary victim (the organisation), threat actors also sought to exploit individual clients.
2. For organisations with perceived weaker backups, threat actors would delay the encryption of data to maximise the impact of their attack.
3. Threat actors targeted back-ups directly, removing the ability for an organisation to restore their systems.

With a number of widespread ransomware attacks already launched in 2021 including what may be the largest reported extortion payment of USD40 million paid by CNA [1], we expect this will continue to be a key threat for companies as the year plays out.

Practical steps for companies:

• Have offsite and offline backups of your entire digital infrastructure. Test these regularly to ensure the data repository is secure and valid.
• Have formalised, consistent training for employees on how to recognise suspicious email attachments, links or websites. While it has been said that people are the weakest link in an organisation in terms of cyber security, they can also be the strongest defence, particularly against ransomware.
• Prepare for when, not if. Ultimately, all businesses must be prepared for a ransomware attack and have a contingency plan in place for when it does occur.

The best remedy for a ransomware attack is prevention. Companies need to adapt their cyber risk strategies to the current threat environment, but be prepared to regularly review and change these as required. Ransomware should not be viewed as a singular event. Planning for real-time and continuous monitoring and response, using cloud-delivered and AI-driven security that reacts in real-time, is key to strengthening defences against this potentially crippling cyber threat.

1. securityboulevard.com/2021/04/10-major-cyber-attacks-witnessed-globally-in-q1-2021/

Trend 3: Internet of Things (IoT)
IoT represents the extensive network of physical devices that contain software, sensors and other technologies
that allow them to connect and exchange data with other devices and systems via the internet. The use of IoT
devices has proliferated over the last decade and their presence can now be seen in corporate and industrial
environments across a wide range of sectors like manufacturing, healthcare, finance and energy. They are one
of the fastest growing emerging technologies.

There is no doubt that IoT devices have significantly improved communication, information sharing and efficiencies in operations for many businesses. However, the increased use of this technology also creates critical vulnerabilities that organisations should not ignore.

Security

IoT devices range from wearable technologies and smart appliances in our homes, to robotics used in manufacturing assembly lines. Just as such devices themselves vary, so too is the security used in them. IoT devices create an expansive attack surface area; the more entry points to a network, the more chances threat actors have to gain unauthorised access. If the security of a seemingly innocuous IoT device is weak, and in the case of personal devices, passwords are often unchanged from the factory default, this may provide easy entry to a wider house or corporate network without needing to bypass traditional IT security tools.

Personal and confidential data

Every IoT device is connected either to the internet and/or another device on a network. They often collect detailed confidential data from users and their environments, transmitting it over the internet. If these network connections are not secure, the risk of confidential data being compromised is significant.

Additionally, stolen data from personal IoT devices (name, DOB, home address, voice recordings) can be used to target an individual, their family or business in a sophisticated social engineering attack.

By the end of 2018, there were nearly 22 billion IoT devices in use around the world. This was projected to increase by 73% in 2025 to 38 billion, and increase by 127% in 2030 to 50 billion [2]. Our dependence on these devices is increasing rapidly and becoming embedded in our daily lives.

As with any rapidly evolving emerging technology, constant vigilance is paramount in protecting individuals and businesses from the threats they bring. Organisations should ensure there is a clear framework to govern how and when IoT devices are used within their business, what they are connecting to, and a record of the data they are transmitting and/or storing.

2. www.strategyanalytics.com/access-services/devices/connected-home/consumer-electronics/reports/report-detail/global-connected-and-iot-device-forecast-update

Trend 4: Critical Infrastructure
The term “critical infrastructure” is used to represent assets, systems and networks that are essential components
to the operation of almost every sector. As the world continues to advance with increasing digitisation, critical
infrastructure is being swept along in this movement.

Manual processes previously used to operate critical assets are becoming more reliant on a network of internet-connected devices. Protection of critical infrastructure has always largely focused on physical threats, however as infrastructure owners and operators introduce more technology to bolster innovation and increase efficiencies, the vulnerability of critical assets to digital attacks is also increasing.

This was shown in the recent ransomware attack against Colonial Pipeline, owners and operators of a major fuel pipeline network across the US East Coast. The threat to critical infrastructure is immediate, realistic and credible, and the potential costs of interruption as a result of a cyber-attack can be devastating. Targeting critical assets is becoming more common as threat actors, particularly nation states, are aware of the widespread chaos and disruption this can cause.

As critical infrastructure is increasingly being exploited, attacked and/or rendered unusable for long periods of time, it is important for organisations including governments and businesses to have adequate safeguards against attacks.

Some practical steps:

Working in conjunction with the enhanced security obligations that the proposed legislation would bring, steps that those involved in the management and operation of critical infrastructure can take include:

1. Framework
– Building a control assurance framework that is aligned to your business objectives.
– Understand what your critical assets or networks are and the current state of your controls to mitigate attacks against these assets.
2. Enterprise level governance
– Create broad ownership of cyber risk across key organisational stakeholders.
– Inform and educate boards.
– Create a culture of accountability and responsibility for cyber security.
3. Incident Response
– Regularly test your organisation’s ability to monitor, respond and recover from a cyber incident.
– Build muscle memory on how to respond to a cyber security incident.

The above steps can usually be utilised or used as a starting point by any business in any sector. As with most organisational cyber risk strategies, the overall approach and action plan need to shift away from reactive firefighting to proactive improvement and resilience planning.

Trend 5: Hyperautomation
Many companies have commenced journeys towards automation over recent years. Robotic process automation
(RPA), technology which mimics the way humans interact with software to perform high volume and repeatable
tasks, has in particular become a key trend for businesses seeking to reduce costs, streamline processing and
drive better customer experiences. [3]

Gartner has recently forecasted that the RPA software market is expected to reach nearly US$2 billion in 2021, which represents a substantial growth compared to US$250 million from 5 years ago. Despite economic pressures caused by COVID-19, the RPA market is anticipated to continue to grow at double-digit rates through 2024.

Hyperautomation, a term coined by Gartner, takes this trend one step further by combining multiple automation technologies such as artificial intelligence, RPA, event-driven software, machine learning, predictive analytics and other business process and automation tools, to create end-to-end automation solutions. Effectively it is the idea that any processes that can be automated, should be automated. [4]

The ability to combine multiple technologies into a single streamlined process presents an attractive model for businesses. Properly implemented, hyperautomation can offer multiple benefits to businesses by reducing the workload created by time-consuming ancillary or non-critical tasks. With administrative burdens and operational costs reduced, employee skills and time can be deployed more effectively across the organisation to focus more directly on revenue generating activities. Hyperautomation can also increase the effectiveness of data management. A global data confidence survey found that only 54% of companies knew where their sensitive data was stored. Automation technologies can be utilised to locate sensitive data in a network, classify and store it in a secure location, and deploy continual threat scans to help protect it.

Hyperautomation challenges:

While hyperautomation offers clear benefits, it is not without challenges:

• Automated systems will now need to work harmoniously with each other in a single end-to-end solution. If there is an error or vulnerability in one part, this could cascade through the entire process before it is identified, isolated and addressed.
• As automation technologies will be given access to and control of large repositories of data, compromise of these technologies by a threat actor can provide access to sensitive and confidential information without the need to sweep networks to determine their location.
• Many automated processes will likely be provided with high levels of network access and privilege, presenting potentially calamitous risk exposures should they be compromised by a malicious actor. [5]

The challenge then rests with organisations when developing their hyperautomation strategies to build a model that allows for complete human oversight and continual assessment of the efficacy, and security, of the hyperautomation technologies. This will no doubt be a large part of the future technology landscape.

3. searchcio.techtarget.com/definition/RPA
4. www.gartner.com/smarterwithgartner/digital-workplace-trends-you-cant-ignore/
5. securityboulevard.com/2020/11/what-hyperautomation-means-for-identity-and-data-governance/

Trend 6: Cryptocurrency
Cryptocurrency is expected to become more widely accepted as a legitimate currency through
2021 and beyond. After a period of fluctuation over the last few years and being largely
perceived as a volatile form of virtual currency, the value of cryptocurrency has recently
been on the rise.

The world’s most well-known cryptocurrency, Bitcoin, has quietly breached a new all-time high, cruising well past its prior peak of US$13,000/coin set in 2017, to hover around US$64,000 as of April 2021. This follows a nearly 90% decline from those previous highs in late 2018, reflecting the highly unpredictable nature of this form of currency. [6]

From a cyber risk standpoint, whilst significant pricing volatility still exists, any resurgence of cryptocurrency’s price may create greater motivation for cyber-criminals to exploit organisations and individuals for financial gain. Ransomware demands are often made in Bitcoin or other cryptocurrencies due to payments being encrypted and being hard to trace. Cyber-criminals are profiting from these tactics, with Darknet crypto criminal JokerStash retiring in February 2021 after reportedly making over an estimated US$1 billion through its underground marketplace selling stolen credit card and identity data. [7]

Interestingly, legitimate corporate businesses such as PayPal and Mastercard are pivoting to accept cryptocurrency as a valid form of payment, which may significantly change e-commerce going forward and increase wider public use of cryptocurrency in general. [8]

If the general public and more established institutions begin to consider cryptocurrency as legitimate currency, we may expect a range of cybercriminals around the globe to take advantage of the new opportunities this will present. The rise of companies using cryptocurrency trading platforms, cryptocurrency storage services, or even individuals storing their private “keys” (to access their digital wallets) on their computers, will incentivise threat actors to expand their scope of attack to target these companies or individuals.

6. nymag.com/intelligencer/2021/01/why-is-bitcoin-making-new-all-time-highs.html
7. www.reuters.com/article/us-crypto-currency-crime-idUSKBN2AC14R
8. www.thestreet.com/investing/bitcoin-mastercard-twitter-amazon-crypto-adoption

Trend 7: Increased attacks against Managed Service Providers (MSPs) and their community
It comes as no surprise that MSPs around the world are becoming an increasingly attractive target for
cybercriminals. An MSP can present the perfect entry point to hundreds of companies and their sensitive data.
By successfully breaching a vulnerability within one MSP, cybercriminals can gain access to a multitude of the
MSP’s clients’ networks and devices.

Reliance on MSPs is stronger than ever with predominantly small to medium sized businesses turning to them for cyber security services. In 2019, we saw a surge of attacks on MSPs and their clients, with the FBI and US Department of Homeland Security issuing repeated warnings to MSPs and their technology platform providers of potential attacks. [9]

In 2020 we saw an increase of attacks on the products which MSPs rely upon, with hackers leveraging MSP software and tools to disperse ransomware across their clients’ systems.

In 2021, we will expect to see not only MSPs being targeted, but also an increase of attacks within the MSP community including their clients, products and services.

2019: Attacks on MSPs and their clients
2020: Attacks on the products which MSPs rely upon
2021: Attacks within MSP community including clients, products and services

To help ensure your company is in a strong position to minimise potential cyber risk emanating from the use of MSPs, including the following steps as part of your cyber risk mitigation processes will be critical:

• Regular engagement with your MSPs to establish clear expectations and responsibilities.
• Consistent auditing of technology frameworks and connections to monitor adherence to agreed security standards.
• Adopting a proactive cyber security culture within your organisation.

9. www.channelfutures.com/mssp-insider/fbi-warns-msps-of-cyberattacks-from-china

Where to from here

In the first quarter of 2021, we have seen an active cyber threat landscape with several reported attacks directed at MSPs and threat actors exploiting known vulnerabilities in the Microsoft Exchange server. The cyber insurance market has served as a valuable and important resource to assist companies in responding to and recovering from such cyber events. The total insured losses from ransomware events were reported in March 2021 by Hiscox’s London Market cyber team to average between US$25 – US$50mil. [10] The insured loss component comprises not just the ransom amount, but costs relating to forensics, specialist negotiators, law firms and public relations specialists.

Cyber-attacks are expected to continue throughout the rest of 2021, with greater focus by threat actors on selectively targeting large businesses to maximise financial gain or for geopolitical reasons.

Governments around the world will continue to increase the onus placed on companies to prioritise cyber security, and protect the confidentiality of the customer data they are responsible for.

Understanding the key cyber risks that will impact your business, and building preparedness and resiliency around these, are key to not just increasing the likelihood of preventing a cyber event from occurring, but minimising the potential economic, operational and/or reputational consequences if one does occur.

Learn more

In today’s heightened cyber risk landscape, firsthand knowledge of cyber threats is invaluable. With over 20 years of experience as a leading and trusted global risk advisor, Marsh sits at the forefront of understanding the cyber risk and cyber threats that are emerging and impacting companies across the globe. We are uniquely placed to help you bridge the gap between risk, insurance and cyber security, linking cyber risk into enterprise risk and enabling prudent capital investment decisions. We work with clients to enhance enterprise-level governance of cyber risk, creating broad ownership of this important issue across key organisational stakeholders and supporting decision making at executive and board levels.

With a dedicated team of cyber risk and insurance specialists, Marsh is well placed to sit at the intersection of insurance and cyber security to provide our clients with a company-wide and quantified view of cyber risk, and assist with cyber risk resilience planning. We deliver tailored cyber insurance and advisory solutions to help organisations manage cyber risk and create effective risk transfer options.

To learn more about how your business can better understand, measure and manage cyber risk, reach out to your Marsh representative or contact us here.

10. www.hiscoxlondonmarket.com/blog/top-cyber-threats-businesses-2021

About Marsh

Marsh is the world’s leading insurance broker and risk advisor. With around 40,000 colleagues operating
in more than 130 countries, Marsh serves commercial and individual clients with data-driven risk solutions
and advisory services. Marsh is a business of Marsh McLennan (NYSE: MMC), the world’s leading
professional services firm in the areas of risk, strategy and people. With annual revenue over $17 billion,
Marsh McLennan helps clients navigate an increasingly dynamic and complex environment through four
market-leading businesses: Marsh, Guy Carpenter, Mercer and Oliver Wyman. For more information, visit
mmc.com, follow us on LinkedIn and Twitter or subscribe to BRINK.

This document does not constitute or form part of any offer or solicitation or invitation to sell by either
Marsh to provide any regulated services or products in any country in which either Marsh has not been
authorized or licensed to provide such regulated services or products. You accept this document on the
understanding that it does not form the basis of any contract. The availability, nature and provider of any
services or products, as described herein, and applicable terms and conditions may therefore vary in
certain countries as a result of applicable legal and regulatory restrictions and requirements.

Please consult your Marsh consultants regarding any restrictions that may be applicable to the ability of
Marsh to provide regulated services or products to you in your country.

© Copyright 2021 Marsh MENA LLC. All rights reserved.
