
Don’t Leave the Door Open for Cyber Fraud

EACT Breakout Session

A demonstration drawn from real-world experience showed how easy it is to fall prey to fraudsters: criminals found it all too easy to locate employee credentials on the dark web, contact their employer’s IT to make password changes, and execute a ransom fraud that escalated into a $100m cost for the business. The case highlighted the impact of losing such huge sums in unplanned cash outflow and, in this instance, a subsequent negative outlook from a rating agency.

The panel’s message was clear: failure to update systems frequently makes it too easy for criminals to inflict damage on businesses, losses can be significant, and cyber risk is now considered a higher immediate threat to business than climate risk.

It was noted that events are conspiring to make fraudulent attacks easier to perpetrate. There are more people working from home. SaaS is increasingly prevalent as more digital technologies are used. And attackers are becoming more sophisticated, with access to cutting-edge tools.

The level of threat means regulators are starting to pay far more attention. New regulation is coming in the EU (including the Digital Operational Resilience Act, and Network and Information Security Directive 2) to combat cyber fraud. And for the first time ever, the U.S. Securities and Exchange Commission (SEC) has individually sanctioned a CIO for failures.