Industry executives and experts share their predictions for 2018.  Read them in this 10th annual VMblog.com series exclusive.

Contributed by Matthew Honea, Cyber Director at Cyence, a product family of Guidewire

A Shifting (and Smarter) Approach to Cyber Risk

In today's increasingly digital landscape, a cyber incident has become a matter of when - not if - for businesses of all sizes and industries. According to Allianz 2016 Risk Barometer, cyber incidents are considered the No. 1 emerging risk for the long-term future - and they will only continue to grow in frequency as we head into 2018. As a result, organizations will need to get smarter and more strategic with their cyber risk approach to ensure an attack doesn't bring down an entire company.  

Companies are now looking critically at how people and processes, not solely technology, play a role in their cyber strategy, as well as finding ways to mitigate the risk from cyber incidents. A recent 2016 survey found that 59 percent of organizations are incorporating cyber insurance into their strategic plans to manage cyber risks, signaling an increase in companies seeing insurance as a viable way to protect themselves since technology alone can't fully protect their business. Today, everything from your business to your car to your phone has a cyber risk element that will need to be considered. With that in mind, here's what we expect to see in the next year:

Cybersecurity budgets - smarter, not just bigger

Cybersecurity budgets have been on the rise for a long time, and Gartner now predicts information security spending will top $113 billion by 2020. In 2018, we'll continue to see cybersecurity budgets grow, but beyond just increasing the amount, executives will be more strategic with how they're tailoring budgets to address modern day threats. For example, we expect to see more security budgets include a portion dedicated to cyber insurance to help mitigate uncharted risks or identified risks where technology may not help. Furthermore, we'll start to see insurance leveraged as a way to bridge the gap that technology vendors leave, as cybersecurity solutions can't 100 percent guarantee protection.

Crypto-ransomware becomes more targeted

Ransomware has already evolved tremendously since its inception nearly 30 years ago and in the next year, we expect to see crypto-ransomware advance and become far more targeted. Crypto-ransomware will be a major threat to companies in 2018, as this new era of ransomware will leverage the latest techniques to get smarter, spread faster and target the most critical systems.

Historically, ransomware attacks have cast a wide net and aimed to trick a handful of users to take the bait and pay the ransom to unlock files or devices. With crypto-ransomware, attackers will focus on reaching the highest value systems that can cripple an entire company - rather than targeting everyone and anyone - until the ransom is met. This can readily lead to losses in reputation, revenue and business interruption for victim companies. 

A Cyber Threat to GPS and Geolocation

As autonomous vehicles and transportation systems become increasingly digital, they also become an attractive target for cyber attacks and vulnerabilities. Driverless vehicles and digital transportation systems are almost entirely reliant on GPS and other navigation signals that are receive-only systems and can easily be manipulated, causing system outages, traffic disruptions, and in some cases, be controlled or locked down in exchange for extortion payments - the modern equivalent of piracy on the high seas.

As a result, we'll start to see a shift in how insurance companies manage auto coverage, as they won't be insuring a person behind the wheel anymore, but an algorithm. In the next year, we'll begin to see insurers take a close look at how they should be covering auto in this new autonomous setting, including what types of data they can factor since historical demographics, like age group, won't be applicable.

We're already starting to see companies adjust their cyber strategies to a more holistic approach, and we'll see that trend continue in the new year. Companies will need to keep evolving their strategy, which means taking a comprehensive approach to cyber to get ahead of the constantly evolving risk.

##

About the Author

Matthew Honea is the Cyber Director at Cyence, a product family of Guidewire, where he spends most of his time on research and development related to cybersecurity. He also connects economic modeling, data science and security with overall risk profiles of companies. Prior to joining Cyence, Honea worked in the United States Foreign Service and served in various security management positions.