Join

Jobs

Login

Member to Member Deals

News

Cyber Attackers are Impacting Every Industry

As we progress through 2025, the cyber threat landscape is increasingly complex for all organizations regardless of size or industry. However, each industry faces unique cyber threats. For instance, organizations are targeted by ransomware attacks on patient data, while financial institutions deal sophisticated phishing schemes. Despite these challenges, common trends emerge, such as the rise of business email compromise, supply chain attacks, ransomware, and cybercrime. Recognizing these trends is essential for businesses to develop effective strategies for asset protection and long-term resilience.

Latest Trends in Cyber Threats

  1. Business Email Compromise (BEC): BEC remains a prevalent attack, where cybercriminals access legitimate email accounts through social engineering or compromised credentials to impersonate the account holder and deceive recipients into sending money or sensitive information Additional info: https://www.ic3.gov/PSA/2024/PSA240911
  1. Supply Chain Attacks: 60% of organizations work with more than 1,000 third parties, and this reliance on third parties continues to grow. Cybercriminals exploit vulnerabilities in third-party vendors as an entry into organizations, leading to data breaches and operational disruptions. 73% of organizations have experienced significant disruption caused by a third party (https://www.marsh.com/en/services/cyber-risk/insights/defining-uncovering-cyber-risks-digital-supply-chain.html).
  1. Ransomware: Ransomware remains a dominant threat, with attackers not only encrypting data but also threatening to leak sensitive information if ransoms are not paid. This dual threat has heightened the stakes for organizations, particularly in sectors like healthcare and finance.
  1. Wire Fraud: Wire fraud schemes are one of the most prevalent attacks we see, and they are becoming more sophisticated. Attackers conduct detailed research on targets to craft convincing narratives and are increasingly using AI tools, such as voice impersonation, to enhance their deception. In 2023, the FBI saw $12.5 billion in cybercrime losses (https://www.ic3.gov/annualreport/reports/2023_ic3report.pdf).
  1. Data Breaches: According to IBM, the global average cost of a data breach in 2024 was $4.88M (https://www.ibm.com/reports/data-breach). The frequency and severity of data breaches continue to rise, affecting organizations of all sizes. Cybercriminals are increasingly targeting sensitive customer and employee data, leading to reputational damage and regulatory penalties.
  1. More Class Action Lawsuits: As data breaches become more common, the likelihood of class action lawsuits against organizations that fail to protect sensitive information is increasing. We are beginning to see class action lawsuits with groups as small as 100 individuals, and regulatory requirements continue to shift. This trend underscores the importance of robust cybersecurity measures and compliance with data protection regulations.

The importance of Cyber Insurance Coverage

As cyber threats continue to evolve, the importance of having robust cyber insurance coverage cannot be overstated. Cyber insurance provides organizations with financial protection against the costs associated with cyber incidents. However, selecting the right coverage is not just about choosing a policy; it’s crucial to work with an insurance broker who understands the specific context of your organization’s cyber threats. A knowledgeable broker can help tailor coverage to address the unique risks your organization faces, ensuring that you are adequately protected against potential incidents. Additionally, they can assist in determining the appropriate amount of cyber coverage you should carry based on your organization’s size, industry, and exposure.

Some key cyber coverage items:

  • Breach Response Costs: Legal, forensics, and PR to help guide you through a cybersecurity incident. Legal is going to “quarterback” the event. They will engage forensics to help contain and remediate as well as PR to help manage crisis communications if needed.
  • Cyber Extortion: Costs associated with experts to help negotiate ransomware payments as well as potential ransomware demand payment.
  • Business Interruption: Loss of income or extra expense due to a partial or full interruption of the insured’s computer systems stemming from a security failure. Coverage can also be triggered by a system failure (unintentional or unplanned outage).
  • Contingent Business Interruption: Loss of income or extra expense stemming from a security failure or system failure of a 3rd party an insured relies on.
  • Privacy and Security Liability: Privacy liability is defense and legal liabilities for failure to keep sensitive information and corporate information private or for failure of others that you have entrusted with information to keep it private. Security liability is defense and liability expenses for actual or suspected failure of a computer system to prevent some form of unauthorized intrusion or denial of service to those that rely on those systems.
  • Privacy Regulatory Defense Costs and Fines / Penalties Coverage: Costs to defend and/or respond to an inquiry or action from Attorney General, FTC, or other regulator due to an actual or suspected privacy or security incident and pay for assessed fines/penalties.
  • Cyber Crime: The direct financial loss suffered by an organization arising from criminals leveraging computer systems. This can include social engineering coverage for the loss sustained when an attacker impersonates one of your vendors to intercept a wire transfer. This can also invoice manipulation coverage for the lack of payment received when something like your email is compromised and used to send a fraudulent invoice to one of your customers. 

The cyber threat landscape is more complex and challenging than ever before. Adopting controls such as the Top 12 Key Cyber Controls (mma.marshmma.com/l/644133/2024-12-19/2r9lhj/644133/1734650936UGVFRGOy/Marsh_Top_12_Key_Cyber_Controls.pdf) can help you improve your security posture and insurability. Adopting strong cybersecurity controls and a strong cyber insurance policy are both keys to a successful cyber risk management program.

Kacey Wheeler is a cyber specialist for MMA. She has experience in software development, cyber defense, and cyber awareness training initiatives. She helps organizations better understand and manage their cyber risks across industries. She is committed to continuous learning in a space that is always evolving. 

For more information visit www.MMANorthwest.com/cyber or reach out to Kacey Wheeler at [email protected]