Cyber experts warn of ransomware risks during Tokyo Olympics

Should the Summer Games face a cyberattack, the losses would be significant.

The five-ring symbol of the Olympic Games in Tokyo, Japan.

It might be assumed that with the ban on physical spectators at the postponed 2020 Tokyo Olympics, the level of risk stemming from this global event — particularly the spread of COVID-19 — has diminished, but cyber experts warn of a different risk: cyber. Fears of telecom disruptions and ransomware attacks are founded, and the damage that could be caused has increased with the reliance on technology to broadcast the Games, which kicked off on July 23rd. Experts say insurers could face potentially massive losses based on the high-risk factors.

Organizers have said that they are prepared for the kind of cyberattack that temporarily paralyzed IT systems ahead of the official opening ceremonies of the 2018 Pyeongchang Winter Olympics in South Korea.

“I think Japan is prepared for what happened in South Korea in 2018, but the landscape for cyberattacks has shifted so they can only be prepared for what they’ve seen in the past but maybe not for the next iteration of it,” Robert Behny, senior director of cyber data and partnerships at Verisk, told PropertyCasualty360. He added that “The best preparation that they can do ensure they have a solid foundation — software patching and system backups.”

COVID-19 has forced the world to transition to a digital state faster than expected. Japanese officials have even said they are utilizing technology such as facial recognition systems to monitor volunteers. A cyberattack on a broadcast or streaming network used by the Olympics may spell disaster as attackers could have hacked the IT infrastructure over a year ago when it was originally planned to be used.

While Japan has shown that they have been busily working on cybersecurity defenses over the past several years, Bethany Vohlers, senior manager for cyber solutions at Verisk, said: “In a lot of ways, the actors are always one step ahead of where the rest of the industry is. And that’s coming from the fact that they are largely typically nation-state attacks that are heavily funded. It can be an act of war, but it’s really a tool. And so there’s always going to be this appetite in the cybercrime world…to try and disrupt these sorts of events.”

Although Japan is ranked as low-risk by insurance and risk management firms, giving it a stellar reputation as a safe place to visit, the nation cannot afford to become too complacent.

With spectators having to watch the Games virtually, it means purchasing tickets with banking information and logging in to a website account to print tickets and watch the Games. If there’s an attack on the Olympics, disruptions to the virtual supply chain could impact companies supporting the Olympic Games and even virtual spectators.

With the absence of in-person attendance, the event is going to be very reliant on technology to stream or to save content, Behny said.

“That high technology reliance means that you’re going to have third parties of the Olympics officiants and fourth parties supporting that type of technology to stream content and to save the content for later viewing,” he added.

Even at-home spectators face risks

The organizers of the Olympics aren’t the only ones who should be vigilant. Suppliers and spectators must take action to protect themselves and those they are connected to. In addition to malware, there’s also the possibility of ransomware attacks, so what can companies expect if they’re targeted?

“I think all the suppliers, if you’re not the Olympic committee who’s actually putting on the show, you’re probably a target for ransomware,” Behny said. He added that if a threat actor can take you down and make you pay as a ransom or extortion, they achieved their goal because their criminal organization gets paid. But for the Olympic organizing team, threat actors want to have a media blackout so the Games can’t be produced.”

Behny warns spectators to be cognizant of phishing emails, so, if they get emails, they need to know if it’s a legitimate email from the Olympics or one from a streaming provider that they actually trust and shouldn’t click links that they don’t trust because it could have malicious attachments. “It’s the typical…good hygiene, good citizen of email etiquette,” he said, adding, “Pay attention to what you’re opening. Pay attention to what you’re clicking. The malware that would come from that could be a myriad of things.”

“I think, generally, the interest will be around some forms of cybercrimes, said Vohlers. “So trying to steal banking credentials or PII. I know that there is an Emotet malware for a while in Japan as well, which has really made a resurgence not too long ago and that actually helps steal banking credentials when you log into accounts.” She added that scams around just general ticketing to try to get that banking information, fraudulent websites, payment card theft, as well as phishing attacks, are also possible.

“And I think the one other thing to mention is really the potential disruption that spectators might face around potential hacks with the supply chain again, so thinking about wifi networks being impacted, I believe even hotels, if they’re impacted, that would impact those who are attending the event,” she noted.

‘A business interruption element’

Attacks will not just impact the top of the Olympic Games because other systems are attached to them, so even if an attack is just targeted at the Olympics, it could still spread everywhere else because the networks are connected. Ransomware tries to spread like a worm, and its spreads very quickly, so systems that are connected could be impacted even if it was not the intent of the threat actor.

Vohlers said what we need to be looking at is disruption — “sort of just a business interruption element.” She added that when it comes to ransomware, extortion has been increasing and becoming more targeted attacks and certainly in high-profile events like the Olympics. “The desire to recover from an attack might be greater than going through the whole remediation process,” she said.

There is a lot of money at stake. Should the Olympics be attacked, the losses would be great. The insurance industry is a stakeholder in major events like the Olympics and could encounter huge losses, considering that claims and liability could be impacted. A Reuters report revealed that the International Olympic Committee (IOC) typically takes out around $800 million of coverage for each Summer Olympics.

Specific Technologies Driving Insurtech Investment in 2024

Understanding the Funding Decline The decrease in funding does not necessarily spell trouble for the insurance sector but instead highlights a strategic shift, the report suggests. “The insurance industry, like many sectors, is focusing on the most promising ventures with substantial insurance potential,” the report explains. “Insurers are directing their investments toward key areas and current trends such as embedded insurance, employee benefits, and cyber risk management. This strategic investment approach signals a forward-looking mindset within the industry.” Three Key Insurtech Trends for 2024 The report identifies three major trends shaping insurtech investments in 2024: Public Insurtech Companies: Financial and Growth Strategies The report also notes that public insurtech companies are prioritizing revenue growth as their main goal. These firms are restructuring their financial strategies to boost cash flow and capitalize on rising revenue streams. Their growth prospects are supported by expanding asset portfolios and strong market demand. “Public insurtech companies are focusing on revenue growth and optimizing their financial frameworks to increase cash flow,” the report states. “The growth potential for these companies is driven by increasing revenue opportunities, broadening asset bases, and a robust market for their services.” In summary, while global insurtech funding saw a decline in 2023, the industry’s focus on GenAI, digital process management, and connected insurance technologies is setting the stage for a dynamic and forward-looking 2024.

Business

Insurer Secures Unanimous Supreme Court Victory in New York Choice of Law Dispute

In the world of sports, a clean sweep, a shutout, or a perfect game is the ultimate achievement. In the legal arena, a unanimous decision from the U.S. Supreme Court is equally rare and significant. In a notable legal triumph, Great Lakes Insurance SE achieved a unanimous 9-0 victory in the Supreme Court on February 21, 2024. This victory follows a protracted legal battle that began in the District Court of Pennsylvania, advanced to the U.S. Court of Appeals for the Third Circuit, and culminated in the Supreme Court’s decisive ruling. Background of the Case: Great Lakes Insurance SE v. Raiders Retreat Realty Company The heart of the dispute was the insurance contract’s clause selecting New York law to govern any future legal conflicts. Although the financial implications of this case were relatively minor compared to the broader marine insurance industry, the insurer’s determination to uphold a crucial maritime legal principle has significant long-term implications for marine insurance. Faced with the insured’s counterclaims—including allegations of breach of fiduciary duty, insurance bad faith, and violations of Pennsylvania’s Unfair Trade Practices Law—the insurer was confronted with serious risks. Such claims could lead to the shifting of attorney’s fees, treble damages, and more, which might normally encourage insurers to settle rather than risk pursuing justice. However, Great Lakes Insurance, supported by The Goldman Maritime Law Group, opted to challenge the Third Circuit’s decision and seek clarity from the Supreme Court. Supreme Court Ruling: A Landmark Decision In a landmark ruling, Justice Brett Kavanaugh affirmed that choice of law provisions in maritime contracts should be upheld by default. This ruling is a major victory for establishing a consistent federal standard in maritime law and avoiding a patchwork of state laws that could complicate marine insurance disputes. The Supreme Court’s decision overturned the Third Circuit’s earlier judgment, which had questioned whether Pennsylvania’s public policy concerns might override the insurance contract’s choice of New York law. By upholding the New York choice of law clause, the Supreme Court eliminated the extra-contractual bad faith claims under Pennsylvania law, thereby ensuring that the dispute could be resolved based on the merits of the insurance claim itself. Significance of the Supreme Court’s Decision This ruling represents a significant advancement in maritime law, affirming that choice of law clauses in maritime contracts are generally enforceable. The decision establishes a clear, uniform legal framework for resolving maritime contract disputes, which will streamline the process and ensure fair adjudication of future insurance claims. Justice Clarence Thomas’s concurring opinion was particularly notable for its criticism of the 1955 Wilburn Boat v. Fireman’s Fund Insurance decision, which had previously influenced maritime insurance law. Thomas argued that Wilburn Boat was incorrectly decided and stressed that a uniform and enforceable set of rules is essential for the development of maritime law. Impact on the Marine Insurance Industry The Supreme Court’s decision sets a “bright-line” rule affirming that choice of law clauses are valid unless there is a strong argument against the selected jurisdiction. By endorsing New York’s insurance laws as a reasonable choice, the ruling supports a more consistent and predictable legal environment for marine insurers. This decision represents a major step forward in maritime law, helping insurers better assess risks, determine premiums, and ensure fair and efficient resolution of maritime insurance disputes.

Cyber experts warn of ransomware risks during Tokyo Olympics