Trends in this area include new tactics by cybercriminals to extort payments, novel social engineering attempts to obtain access to sensitive data, and attacks shifting from information technology networks to operations technology. The last trend is speci昀椀cally concerning, as it raises the possibility of bodily injury and property damage. Ransomware attacks more than doubled in 2021 and remained high in 2022, and that threat continues to evolve and persist across all industries and sizes. A Marsh Risk in Context podcast explores a trend in ransomware-as-a-service, which makes the malware widely available to threat actors. What these trends mean for businesses Cyber risk is pervasive, unpredictable and often third-party technology providers (e.g., cloud debilitating from an operational and reputational service providers) where security and privacy perspective. The complex cybercriminal ecosystem con昀椀gurations and controls may not be optimal, has evolved to 昀椀nd new ways to monetize audited, or adapted to the latest security in昀椀ltration directly and via dependent third-party vulnerabilities, and privacy regulations. In its applications that can have a dire impact on small- 2023 Global Threat Report, Crowdstrike identi昀椀ed to medium-sized enterprises (SMEs). Whether an increase of 95% in cloud exploitations which the security or privacy event is unintentional or can disproportionally impact SMEs given this malicious in origin, the impact on businesses in increased target environment. In its 2022 cyber every industry can be signi昀椀cant. Incidents can claims study, NetDiligence found that 98% of the halt operations, disrupt supply chains, generate claims involved SMEs, or organizations with $2 signi昀椀cant 昀椀nancial outlays, contribute to billion or less in revenue. Ransomware was the reputational harm, and potentially invite litigation largest single source of cyber claims for SMEs, and regulatory enforcement actions. followed by hacking. Privacy regulations continue to evolve and In a 2022 study, Marsh found almost enforcements actions are expected to continue 75% of organizations reported to increase to ensure safeguarding of data experiencing at least one cyber including usage, collection, and retention of incident in the past 12 months. third-party information. SMEs tend to be attractive targets by threat Notably, only 3% rated their organization’s cyber actors, because most SMEs rely on data and hygiene as “excellent.” Almost three in four networks but have fewer cybersecurity resources respondents deemed their organization’s cyber than larger organizations. They often rely on hygiene as “satisfactory” or “needs improvement.” Business Business Business InsurInsurInsurance ance ance TTTrrrendsendsends 171717