Cybercrime has become the world's third-largest economy after the US and China, driven by the availability of ransomware-as-a-service and malware sold on the dark web. Even those without technical skills can launch sophisticated attacks by easily accessing these tools online. The rapid adoption of the Internet of Things (IoT) has also created security gaps that are being exploited by cybercriminals. The rise in ransom demands, due to high-profile attacks such as the Colonial Pipeline hack, has encouraged more people to enter the market, with cybercrime a growing global issue. According to recent research, the average ransom payout is now over $800,000, with the cybercrime industry set to cost up to $10.5 trillion per year by 2025.

In 2022, the consequences of the Ukraine-Russia war dominated cybersecurity news. There were attacks on critical infrastructure and corporations, leading to higher energy prices, monetary losses and a less robust supply chain. Overall, it highlighted the potential impact that cyber-attacks can have on the world. As such, as we head into 2023, businesses should take as much care as possible to limit their exposure to potential cyber-attacks. To emphasise the risk, a recent survey found that UK businesses are 85 per cent more likely to suffer a hack now than they were in 2019. Likewise, with insurers offering fewer cyber products and ransoms increasing, the potential for financial damage is greater than ever – making cyber the greatest risk that many companies face in 2023.

One of the UK’s most prestigious newspapers has spent weeks trying to recover from a major security incident. Security staff at the Guardian newspaper have been working since mid-December when the breach was found. Since then, the Guardian Media Group’s chief executive, Anna Bateson, has confirmed that they suffered a ransomware attack which stole staff data and took critical services offline. Bateson also explained that the breach was probably caused by stolen credentials from a phishing attack, allowing unauthorised access to specific sections of the Guardian network. While news production was unaffected, staff are still anxiously awaiting investigations into where their personal data may have ended up.

The year 2022 was a landmark year for data breaches, and companies could face the same trajectory in 2023 if they overlook corporate network access. In an article for Strategic Risk Europe, MyCena CEO Julia O’Toole presents attacks at Uber, Optus and Medibank as a cautionary tale. She notes the perils of employees having the keys to an organisation’s most valuable assets, and the human error involved in phishing attacks. For 2023 and beyond, organisations should reassess how employees can access their networks.

In a recent report from Deloitte and the Manufacturers Alliance for Productivity and Innovation, cybersecurity has been named as the top threat to the food and beverage sector. The report also singles out cybersecurity as the key issue for smart factories. These factories, which rely on connectivity, IoT devices and productivity tools, can work quicker and produce goods faster than traditional factories – but are also more open to cyber-attacks. With many cyber criminals targeting key supply chain industries, this report highlights the potential for further threats. To mitigate attacks, it says, factories should address weak passwords, access controls and outdated security tools.

The Finance Department of California has been hit by a ransomware attack. The breach, confirmed on 12 December by the Cybersecurity Integration Center (Cal-CSIC), is one of the latest in a trend of attacks targeting government institutions and critical industries. Within hours, the attack was claimed by Russian-backed ransomware gang LockBit. In a blog post claiming responsibility, LockBit said they had accessed various networks and servers, stealing sensitive personal and legal data totalling 76GB. LockBit initially gave the Finance Department until 24 December to pay a ransom before they will begin to leak data.