The number of ransomware and extortion cases has increased this year, according to the most recent report from Allianz Commercial, an Allianz Group company for insurance for medium and large companies and specialized risks. According to the study, hackers have increased targeting IT supply chains and, through mass cyberattacks, are finding new ways to extort money from businesses large and small. Most ransomware attacks involve the theft of sensitive personal or business data for the purpose of extortion, which increases the cost and complexity of incidents, as well as reputational damage.
Allianz Commercial’s analysis of major cyber losses shows that the number of cases where data exfiltration occurs is increasing every year — doubling from 40% in 2019 to almost 80% in 2022, with this year being significantly higher.
“This year, the frequency of cyber complaints has increased again as ransomware groups continue to evolve their tactics,” says Scott Sayce, global head of cyber at Allianz Commercial. “Based on complaints during the first half of the year, we expect to see a growth of around 25% in complaints by the end of the year. Hackers are refocusing on Western economies, with more powerful tools, improved processes and attack mechanisms. Given these dynamics, a well-protected enterprise is necessary to counter the threat, and increasingly, the most important element of this is the development of strong detection and response capabilities,” he added.
Evolution of ransomware risk
According to the report, the frequency of cyber claims stabilized in 2022, reflecting improved cybersecurity and risk management actions among insured companies. Law enforcement agencies targeting gangs, along with the Russia-Ukraine conflict, have also helped curb ransomware activity. However, ransomware attacks alone increased by 50% during the first half of this year. So-called ransomware-as-a-service (RaaS) kits, with prices starting at just $40, remain a key factor in the frequency of attacks. Ransomware gangs are also carrying out attacks faster, with the average number of days to execute dropping from around 60 days in 2019 to four.
“Double and triple extortion incidents, using a combination of encryption, data exfiltration and distributed denial of service attacks [DDoS] for money are not new, but they are now more prevalent,” says Michael Daum, global head of cyber claims at Allianz Commercial. “Several factors combine to make data exfiltration more attractive to threat actors. The scope and amount of personal information collected is increasing, while privacy and data breach regulations are becoming more stringent globally. At the same time, the trend toward outsourcing and remote access leads to more interfaces for threat actors to exploit.”
Daum highlights that data exfiltration can significantly increase the cost of a cyber loss or claim. “Such incidents can take longer to resolve, while legal and IT forensic services can be extremely expensive. If data has been stolen, companies must know exactly what data was exfiltrated and will likely have to notify customers, who can seek compensation or threaten litigation.”
This year has seen several major mass cyberattacks as hackers leveraged vulnerabilities in software and weaknesses in IT supply chains to target multiple companies. For example, the MOVEit mass cyberattack, which exploited a data transfer software product, impacted millions of individuals and thousands of businesses, contributing to the increased frequency of claims to date, affecting multiple policyholders simultaneously.
“We can expect more mass cyberattacks in the future. Companies and their insurers need to better understand the interconnectivity and dependencies that exist between organizations and within digital supply chains,” says Daum.
Increase in public cases
In the past, the number of cyber incidents that have become public has been low. Today, it’s a different story as, with data exfiltration, hackers threaten to publish the stolen data online. Allianz Commercial’s analysis of large cyber losses — of more than €1 million — shows that the proportion of cases becoming public has increased from around 60% in 2019, to 85% in 2022, with an even higher forecast for this year.
“Today, if you have data exfiltration, it is likely to become public, and every company needs to be prepared for that,” says Rishi Baviskar, global head of cyber risk consulting at Allianz Commercial.
With potential costly financial and reputational consequences, companies may feel more pressure to pay ransoms when data has been stolen. The number of companies paying a ransom increases year after year, rising from just 10% in 2019 to 54% in 2022, again based on analysis of large losses only. Companies are two and a half times more likely to pay a ransom if data is exfiltrated, in addition to encryption.
However, paying a ransom for exfiltrated data does not necessarily solve the problem. The company may still face third-party data breach litigation, especially in the United States. There are few cases where a company should believe that there is no solution other than paying the ransom to be able to regain access to its systems or data. Any affected party must always inform and cooperate with authorities.
Importance of early detection and rapid response
Protecting an organization against cyber intrusions remains a game of cat and mouse, in which cybercriminals have the upper hand. Allianz Commercial’s analysis of more than 3,000 cyber complaints over the last five years shows that external manipulation of systems is the cause of more than 80% of all incidents. Hackers use artificial intelligence (AI) to automate and accelerate attacks, creating more effective malware, phishing, and voice simulations. Combined with the explosion of connected mobile devices – the report shows a growing number of incidents caused by poor cybersecurity in this area – attack paths appear likely to increase.
Early detection and response capabilities and tools are becoming increasingly important. Around 90% of incidents are contained early. However, if an attack is not stopped in the early stages, the chances of preventing it from becoming something much more serious and costly decrease considerably.
“Traditional cybersecurity has focused on prevention, with the goal of keeping attacks off a network. While investing in prevention will reduce the number of successful cyberattacks, there will always be a ‘gap’ that will allow attacks to pass through. For example, it is not possible to prevent all employees from clicking on increasingly sophisticated phishing emails,” says Baviskar.
Companies should direct additional cybersecurity spending toward detection and response, rather than just adding more layers of protection and prevention. Only a third of companies discover a data breach through their own security teams. However, early detection technology is readily available and effective.
“Detection systems are constantly improving and can prevent a lot of pain by reducing detection and response times. This is something we look for in our cyber risk assessments and underwriting,” adds Baviskar.
Cyber breaches that are not detected and contained early can be up to a thousand times more costly than those that are, and early detection and response can prevent a €20,000 loss from turning into a €20 million loss, the report highlights.
Source at: CisoAdvisor