Rapid scaling of technology all along value chains, particularly as businesses revamped operating models in response to the COVID pandemic, has created an “eco-system of interdependencies” which is ideal for exploitation by cyber criminals.

A new Guide to Successfully Managing Cyber Claims jointly published by Aon and Crawford & Company says the scale and the speed to which organisations can now be impacted from a cyber incident has dramatically escalated from earlier days when data theft was the main goal, and business interruption has now become one of the major risks from a cyber breach.

There are now risks of “aggregation and accumulation” of ransomware exposure, for example multiple sites reliant on the same technology or impacted by the same event, as cyber criminals have moved beyond targets in retail, health and financial services which were first singled out for their “rich seams” of Personal Identifiable Information (PII) to use as ransomware leverage or be sold.

“The model of stealing and selling PII in its own right has declined because it is getting harder to monetise. These records have little value on the dark web,” the guide says.

Now, sectors like manufacturing, food and beverage and construction are in the firing line too as threat actors have improved the technology used during ransomware attacks, making it more difficult for organisations to restore compromised systems from back-ups.

“They understand the economic pain points for different types of organisation and are learning how to leverage those to maximise their own financial gain,” the guide says.

They now target organisations whose disruption impacts other businesses that cannot wait for the victim organisation’s backups to be restored, for example Colonial Pipeline which demonstrated the impact an attack can have on the supply chain with long queues for gasoline.

“Threat actors are looking for efficient ways to leverage or magnify their efforts by targeting the software/data supply chain,” the guide said.

While natural catastrophe, fire or terrorism can shut down one manufacturing facility for a single organisation, these risks “do not possess the destructive and all-encompassing infiltration of a well-coordinated ransomware attack” under which operational interruption can extend to weeks through a full network restoration, the guide says.

Before sophisticated ransomware, it was unimaginable that a whole operation with multiple sites around the world could come to a standstill from one threat actor.