As part of a week-long programme of events marking CyberNI Week, Pinsent Masons presented its fifth annual Cyber Report in Belfast on Tuesday, where delegates from the energy, financial, transport and housing sectors heard about the threats handled by the international law firm’s specialist UK cyber team in the last year, and the scams that could emerge this year.

Entitled Cybersecurity Landscape, Risks and Challenges, the report was delivered at a breakfast briefing staged at the company’s Soloist building offices in Lanyon Place.

Laura Gillespie – a partner at Pinsent Masons who leads the cyber team in Northern Ireland and who chaired the event – said: “It has been clear that the sophistication and volume of ransomware attacks has increased over the last 12 months; clients are responding, however, by doubling down their efforts in developing cyber readiness programmes.”

Totalling 58 per cent of all incidents, the report found that ransomware incidents accounted for the majority of the incidents the team handled. Those targeted by cyber criminals ranged from Small and Medium Enterprises (SMEs) to multi-national companies with a global footprint.

Businesses operating in the financial sector were the most frequently targeted; they accounted for 40 per cent of breaches and tend to be targeted because they hold a wealth of monetizable data and information. In 43 per cent of confirmed cases, criminals were successful in extracting sensitive data which can then be sold on the ‘dark web’ – or used directly to commit identity or financial fraud.

The new report from Pinsent Masons also alerted businesses to the fragmentation of threat actor groups, or some operating what is essentially a franchise model. The effect of this on victims is that it can be difficult to attribute an incident to a specific group, and therefore make it challenging to rely on threat intelligence.

Delegates were told the emergence of new technologies such as AI is not all bad news as it can have various benefits, including detecting cyber-attack techniques by analysing the data and structure of malware attacks, and identifying e-mails with rogue traits.

Tightening regulation as part of the EU Network and Information Systems Directive that must become national law by October is intended to deliver a high, common level of cybersecurity to help companies protect the IT infrastructure and prevent external attacks. 

One key aspect of this is increasing accountability and liability of those people working at management level. However, uncertainties remain in the UK, with little progress made with the proposed changes to the UK’s NIS Regulations, and no changes referenced during the King’s Speech last year.

Ms Gillespie added: “Criminals involved in cyber attacks are continually finding new ways to target businesses with the aim of obtaining commercially or personally sensitive information, and with Artificial Intelligence set to play a bigger role, organisations need to make cyber security their number one priority in 2024.

“Regardless of the size of the business, cyber criminals don’t discriminate, and the ramifications will be felt in both the short- and long-term, with lost revenue, reputational damage, possible fines, and even follow on litigation just some of the problems that originate from cyber attacks.”