Following two years of high but stable loss activity, 2023 has seen a “worrying resurgence” in ransomware and extortion claims as the cyber threat landscape continues to evolve, Allianz Commercial writes in a new report.
The business insurance company’s analysis of large cyber losses shows the number of cases in which data is exfiltrated is increasing every year, doubling from 40 percent in 2019 to almost 80 percent in 2022, with 2023 significantly higher.
“Double and triple extortion incidents — using a combination of encryption, data exfiltration and distributed denial of service attacks — to obtain money are not new, but they are now more prevalent,” said Michael Daum, global head of cyber claims at Allianz Commercial.
Daum said several factors are combining to make data exfiltration more attractive for threat actors. The scope and amount of personal information being collected are increasing, while privacy and data breach regulations are tightening globally. Meanwhile, outsourcing and remote access trends lead to more interfaces for threat actors to exploit.
Allianz Commercial reports that hackers are increasingly targeting IT and physical supply chains, launching mass cyber attacks and finding new ways to extort money from companies large and small. Most ransomware attacks now involve the theft of personal or sensitive commercial data for the purpose of extortion, increasing the cost and complexity of incidents as well as bringing greater potential for reputational damage.
How Ransomware Risk Is Evolving
Per the new Allianz Commercial report, despite the frequency of cyber claims stabilizing in 2022, ransomware activity alone was up 50 percent year-on-year during the first half of 2023. Ransomware-as-a-service kits, with prices starting at $40, remain a key driver in the frequency of attacks. Ransomware gangs are also carrying out more attacks faster, Allianz Commercial shared, with the average number of days taken to execute one falling from around 60 days in 2019 to four.
“More mass cyber attacks can be expected in the future,” Daum said. “Companies and their insurers need to better understand the interconnectivity and dependencies that exist between organizations and within digital supply chains.”
Growing Number of Public Cases
Previously, the number of cyber incidents that became public knowledge was low. Allianz reports that it’s now a different story, as with data exfiltration, hackers threaten to publish stolen data online. Allianz Commercial’s analysis of cyber losses totaling more than €1 million shows that the proportion of cases becoming public increased from around 60 percent in 2019 to 85 percent in 2022, with 2023 set to be even higher.
The number of companies paying a ransom has increased year-on-year — from just 10 percent in 2019 to 54 percent in 2022, again based on an analysis of losses of more than €1 million. Companies are two-and-a-half times more likely to pay a ransom if data is exfiltrated, on top of the encryption.
Importance of Early Detection and Fast Response
Allianz analysis of more than 3,000 cyber claims over the past five years shows that external manipulation of systems is the cause of more than 80 percent of all incidents. Threat actors are now exploring ways to use artificial intelligence to automate and accelerate attacks, the company reported, as well as creating more effective AI-powered malware, phishing and voice simulation.
Combined with the explosion in connected mobile devices — Allianz Commercial has seen a growing number of incidents caused by poor cybersecurity in this area — attack avenues only look likely to increase. Preventing a cyber attack is therefore becoming harder, and the stakes are higher, Allianz reports.
As a result, early detection and response capabilities and tools are becoming ever more important. While most incidents are contained quickly, if an attack is not stopped in the early stages, the chances of preventing it from becoming something much more serious and costly greatly reduce, Allianz shared.
“Traditional cybersecurity has focused on prevention with the goal of keeping attackers out of a network,” says Baviskar. “While investment in prevention reduces the number of successful cyber attacks there will always be a ‘gap’ remaining that will enable attacks to get through. For example, it is not possible to stop all employees from clicking on increasingly sophisticated phishing emails.”
Allianz Commercial analysis shows that early detection and response can prevent a €20,000 loss from turning into a €20 million one.