Article | WTW Research Network Newsletter

What you should know about the changing cyber risk

By Elisabeth Braw | December 20, 2019

Amid the growing number of state-sponsored cyberattacks, businesses need to consider their potential role in national security.

Refined Kitten evokes the image of a cuddly pet, but the world is about to learn that it can be something very different. Microsoft has just announced that Refined Kitten is a hacker team, believed to be backed by Iran, that can do things virtually no other known hacker group can do: infiltrate the control systems of critical national infrastructure, including oil refineries and electric utilities.

Since its inception three decades ago, the internet has offered enormous advances for society. Imagine how you’d go about just one day without the internet. Where would you find information? Imagine having to go to a library to get a simple fact from an encyclopedia, call an operator to find a phone number, or read a newspaper to search for a job, then go to a post office to submit your resume.

Imagine if a cyberattack took down the internet access of a major city like London or New York or, worse, a whole country. That’s the threat that Refined Kitten and the growing number of other state-sponsored hackers pose to the world. The impact of a successful breach could be vast.

Businesses are already feeling the heat of cyberattacks. The latest Cyber Breaches Survey from the U.K. Department for Digital, Culture, Media and Sport reports that during the previous twelve months, 32% of businesses and 22% of charities were subjected to cyber breaches or attacks. Among larger companies (250 or more employees), 61% have experienced cyberattacks.

Hiscox, meanwhile, reports that 61% of businesses in the U.S., Germany, the U.K., France, Spain, the Netherlands and Belgium experienced cyberattacks in the past year, up from 45% the year before. The mean cost of an incident was $396,000, not an insignificant amount.

State-sponsored attacks

While the attackers may seem like the garden-variety criminals that have for so long targeted businesses and individuals alike, the more recent attackers have sought to do more than steal money. When Maersk, the Danish shipping giant, was brought down by the NotPetya virus in 2017, news reports initially described the attack as a ransomware incident. But the attackers demanded no ransom.

As was subsequently determined, NotPetya had been created by a hacker group working for Russian military intelligence, and initially targeted Ukrainian government agencies and businesses. Maersk was not the primary target; it was “collateral damage,” as its chairman, Jim Hagemann Snabe, later explained.

Chinese hackers acting as proxies for their government act similarly. In September, telecom providers in Central and Southeast Asia were attacked, for the purpose of tracking Uighurs, the local indigenous people. Only two months previously Chinese government proxies had targeted German industry giants BASF, Siemens and Henkel. C919, China’s new airliner that is set to compete with Airbus and Boeing, is reported to contain a great deal of technology stolen from Airbus and Boeing suppliers by Chinese intelligence officers and hackers.

Iranian hackers acting as proxies for their government, meanwhile, have attacked the U.K. Post Office and U.S. companies, the latter in response to a U.S. cyberattack on Iranian computer systems following Iran’s downing of a U.S. drone. But they don’t target U.S. and U.K. companies alone: the Italian oil and gas firm Saipem has been targeted, as have Middle Eastern businesses, the telecom industry, international universities and IT firms.

Further complicating the geopolitical picture, Russian hackers linked to their government have managed to impersonate Iranian hackers, thus ensuring that victims pinned the blame on Iran.

North Korea, too, stages cyberattacks through proxies. A collective known as APT37, for example, has attacked Asian and Middle Eastern companies in a range of sectors including chemicals, electronics, manufacturing, aerospace, automotive and healthcare, apparently not for the purpose of bringing them down but to spy on them. Perhaps even more alarmingly, North Korean government-linked hackers are experts at cyber theft: In 2018, one group alone stole around $1 billion from foreign companies and institutions. Kim Jong Il’s regime uses such booty to fund its geopolitical ambitions.

A tougher adversary

There is good news: although cybercriminals pose a threat to business operations, companies have been getting better at defending themselves, a point Hiscox also makes in its report. The bad news is that cyberattackers working for foreign governments are a tougher adversary than garden-variety criminals.

That doesn’t mean that businesses should retreat from their global positions. Such a step would, at any rate, not protect them from cyberattacks that ignore geographic borders. What it does mean is that they should now think of themselves as participants in national security. The very recognition that a business may be attacked not because it has enemies, or because it’s an easy target, but simply because it’s headquartered in a particular country or has assets another country wants, will make executives better prepared to take on this unconventional threat.


Senior Fellow at American Enterprise Institute and a consultant with WTW Research Network