Skip to main content

Mid-Year Cyber Protection Update: The Road to Data and Identity Security

With the first half of 2024 in the rearview mirror, the team at Cyberscout®, a TransUnion® brand, thought now would be a good time to check the status of predictions made in The Roads to Data and Identity Security eBook.

Let’s see how the six predictions regarding cyber threats and security trends have performed, and how they may influence the cyber protection marketplace for personal and commercial line policyholders.

 

Prediction 1: To minimize risks created by human error — like using the same passwords for personal and work accounts — companies will begin phasing out passwords and replacing them with tools like passkeys.

  • What’s the latest? While adoption of passkey technology is still in the early stages, a migration to this standard is clearly underway. A recent study found passkey use climbed 400% during 2024.
  • Cyber protection impact: As passkeys become the new standard, insurers may want to look for ways to incentivize early adoption of the technology; for instance, encouraging commercial policyholders to require this security measure for account and system access.

 

Prediction 2: Criminals will continue to take advantage of human nature, relying on social engineering attacks more than ransomware. 

  • What’s the latest? During the first half of 2024, there were nearly twice as many phishing attacks as ransomware. This continues the trend of targeting the human attack surface rather than directly challenging cyber defenses via malware.
  • Cyber protection impact: Employees will continue to be targeted as the weakest link in a company’s cyber defenses. Insurers need to impress upon commercial policyholders the importance of training and educating workers against social engineering attacks.

 

Prediction 3: As access to generative artificial intelligence (GenAI) tools expands, identity thieves will take their synthetic identity toolboxes to the next level.

  • What’s the latest? Given the sharp rise in criminal use of GenAI, the FBI issued a warning during the second quarter of 2024. Criminals are not only using GenAI to create social engineering schemes but also to conduct voice and video cloning scams.
  • Cyber protection impact: Policyholders who take preventative action can reduce many of the risks associated with synthetic identity fraud. Consumers may consider adding identity monitoring service, while businesses might explore identity verification solutions.

 

Prediction 4: Multi-factor authentication (MFA) bypass attacks will climb as criminals become more adept at intercepting email and texts.

  • What’s the latest? Criminals continued to get around MFA systems — with one cybersecurity firm reporting nearly 50% of incidents in the first quarter of 2024 involved MFA bypass attacks.
  • Cyber protection impact: While deterrent measures like MFA can keep some attackers at bay, cybersecurity professionals expect committed criminals to continue developing new bypass attacks. Sufficient cyber coverage is now business-critical for companies of all sizes in all sectors.

 

Prediction 5: The growth of microbusinesses — and their reliance on outside vendors to conduct core business processes — will help accelerate supply-chain data breaches.

  • What’s the latest? Cybercriminals continue to zero in on third-party service providers to access more data records with less effort. As a result, TransUnion found third-party breaches were more severe in Q1 2024 — with an average breach risk score 31% higher than first-party breaches.
  • Cyber protection impact: Insurers should explain the risks policyholders face from third-party vendors and connect them with the right coverage. Policyholders should find out how their internet service providers, mobile carriers, payroll firms, etc. protect client data.

 

Prediction 6: Given the increased frequency and severity of supply-chain breaches, larger businesses will require small business vendors to buy cyber insurance.

  • What’s the latest? Among small businesses, only 47% have cyber insurance coverage. With supply chain disruptions costing $82 billion, larger companies want vendors to prove — and improve — their cyber postures.
  • Cyber protection impact: Micro and small business owners need to know the too-small-to-be-targeted mindset is not only wrong — but the opposite is actually true. They must realize their size and lack of defenses make them more attractive targets for hackers looking to access client data.

In today’s digital world, having sufficient cyber protection is vital for personal and commercial lines alike. To dive deeper into why these trends are occurring — so you can better advise your customers — get your copy of The Roads to Data and Identity Security eBook.

For more insights into how you can enhance your cyber program, visit our TruEmpowerTM Cyber Protection page.

Do you have questions? Our team is ready to help.