Editor’s Note: This is the second installment of a two-part series examining how the conflict in Iran is changing global cybersecurity risks for insurers and their clients.
As geopolitical tensions rise, particularly amid the ongoing conflict in Iran, businesses worldwide are increasingly vulnerable to cyber threats. The rapid adoption of artificial intelligence has further empowered threat actors, enabling them to exploit vulnerabilities across diverse sectors. The first part of this series explored how these bad actors leverage global chaos to widen their attack scope and identified their primary targets. This second installment delves deeper into the evolving tactics of these cyber criminals and the implications for insurers and their clientele.
During periods of conflict, the motivations of threat actors become more sophisticated. They tend to target areas of strategic importance, seeking significant visibility and public impact while gaining access to sensitive data. Will Handley, a cyber underwriting executive for MSIG USA, notes that disrupting essential services such as energy and communications can yield real-world consequences. In the financial sector, which is closely monitored during geopolitical spikes, attackers are often driven by motives that go beyond mere financial gain. Instead, they seek to achieve espionage, disruption, and influence. Handley emphasizes that understanding these objectives allows insurers and their clients to better prepare for potential cyber events.
Michael Crean, senior vice president of managed services at SonicWall, highlights the increased aggressiveness of cyber actors amid escalating U.S.-Iran tensions. These attackers are not just probing networks; they are advancing strategically to gain political leverage and financial rewards. Crean points out that conflicts create unique opportunities for embedding malicious code that can be leveraged in future attacks, thereby increasing the risk landscape for organizations.
Michelle Chia, chief underwriting officer at AXA XL, adds that in the context of geopolitical conflicts, the primary focus of cyber actors shifts toward espionage and strategic disruption, rather than solely financial motives. By gathering sensitive information and maintaining dormant access to systems, they can inflict long-term damage. While financial fraud, such as ransomware, exists, it often serves to underwrite broader strategic objectives.
As companies assess the fallout from the Iran conflict, employee vigilance may wane, leaving organizations exposed to increased cyber threats. Chia observes that rising cyber activity amplifies risks for insurers, leading to systemic vulnerabilities. Insurers are now tasked with updating underwriting models, focusing on dependencies in critical infrastructure and government contracts, while simultaneously addressing legal and reputational challenges. This evolving landscape drives insurers to enhance threat monitoring and educate clients about proactive security measures.
Steve Durbin, CEO of the Information Security Forum, raises concerns regarding war exclusions in cyber policies, noting that the ambiguity surrounding state-sponsored attacks complicates claims processes. The Iran-U.S.-Israel conflict exemplifies this ambiguity, compelling insurers to help clients assess supply chain vulnerabilities and incident response strategies. Organizations should not assume existing cyber coverage will suffice under these new conditions.
Judson Dressler, director of the Resilience Risk Operations Center, warns that cyber insurers may face elevated risks of systemic losses from large-scale events, particularly attacks on critical infrastructure. Such incidents can agglomerate losses quickly, affecting multiple policyholders across interconnected sectors. Crean stresses the need for insurers to encourage organizations to fortify their security practices, including rapid software patching and enhanced protections around critical systems.
Mary Ann Miller, VP and fraud executive adviser at Prove, cautions that conflicts embolden cyber criminals, who perceive distractions within organizations as opportunities to launch attacks. Strengthening identity security and monitoring for irregular behavior are vital measures companies should adopt to combat these threats. As Chia advises, organizations should view geopolitical tensions as a catalyst for reinforcing cyber resilience, not just temporarily but as an essential adaptation in an increasingly risky digital landscape.
Handley offers practical recommendations for mitigating risks, emphasizing the importance of hardening identity controls, patching systems, and preparing for potential disruptions. Global events like the Iran conflict present insurers and brokers with an opportunity to educate customers on their risks, highlighting the need for heightened vigilance as threat actors increasingly employ AI in their operations.
See also
AI-Driven Cyberattacks Surge as 90% Target Vulnerable Third-Party Software
Ransom Payments Surge to 24.3% as AI-Enhanced Cyberattacks Target Companies
Netrust CEO Jen Capones-Tongco Urges Stronger Leadership Against AI Cyber Threats in Asia
AI-Powered TwinGuard System Detects 5G Cyberattacks in Under 100 Milliseconds
Kaspersky Upgrades Next Platform with AI to Boost Threat Detection and Cut Costs
