Detection And Response Tools Important As Cyber Claims Surge In 2023: Allianz
Ransomware incidents rising as criminals use data exfiltration and supply chain attacks to maximise their leverage.
The cyber threat landscape continues to evolve, and 2023 has seen resurgence in ransomware and extortion claims after two years of high but stable loss activity, a report by business insurance provider Allianz Commercial showed.
Hackers are increasingly targeting IT and physical supply chains, launching cyberattacks and finding new ways to extort ransom from companies of all sizes.
Allianz Commercial’s analysis of large cyber losses showed that the number of cases in which data was exfiltrated doubled from 40% in 2019 to almost 80% in 2022, with 2023 significantly higher.
"Cyber claims frequency has picked up again this year as ransomware groups continue to evolve their tactics," Scott Sayce, global head of cyber, Allianz Commercial, said. "Based on claims activity during the first half of 2023, we expect to see around a 25% increase in the number of claims annually by year-end."
Ransomware Risk Is Evolving
The frequency of cyber claims stabilised in 2022, reflecting improved cyber security and risk management actions among insured companies, the report said.
Law enforcement agencies targeting attackers, together with the Ukraine–Russia conflict, are also believed to have helped curtail ransomware activity. However, ransomware activity rose 50% year-on-year during the first half of 2023.
According to the report, most ransomware attacks now involve the theft of personal or sensitive commercial data for the purpose of extortion, increasing the cost and complexity of incidents, along with the potential for reputational damage.
"Several factors are combining to make data exfiltration more attractive for threat actors. The scope and amount of personal information being collected is increasing, while privacy and data breach regulations are tightening globally. The trend towards outsourcing and remote access leads to more interfaces for threat actors to exploit," said Michael Daum, global head of cyber claims, Allianz Commercial.
Supply chain-enabled ransomware attacks have now become customary, the report showed. This year, there were several mass ransomware attacks—including the MOVEit cyberattack—as threat actors used exploits in software and weaknesses in IT supply chains to target companies.
Ransomware-as-a-service, in which cybercriminals sell/lease ransomware to launch attacks, remained a key driver for the ongoing frequency of attacks, the report said. Threat actors are also carrying out more attacks faster, with the average number of days taken to execute an attack falling from around 60 days in 2019 to four.
Rising Number Of Public Cases
With data exfiltration, hackers threaten to publish stolen data online, increasing the number of cyber incidents becoming public knowledge. Allianz Commercial's analysis of large cyber losses (more than €1 million) showed that the proportion of cases becoming public increased from around 60% in 2019 to 85% in 2022, with 2023 set to be even higher.
"Today, if you have data exfiltration, it will likely go public, and every company needs to be prepared for this," said Rishi Baviskar, global head of cyber risk consulting, Allianz Commercial.
The number of companies paying a ransom has increased year-on-year, from 10% in 2019 to 54% in 2022. Companies are two-and-a half times more likely to pay a ransom if data is exfiltrated, on top of the encryption.
Early Detection And Response Critical
Allianz analysis of more than 3,000 cyber claims over the past five years showed that external manipulation of systems is the cause of more than 80% of all incidents. Threat actors are now exploring ways to use artificial intelligence to automate and accelerate attacks.
The report also found a growing number of incidents caused by poor cybersecurity around mobile devices, and attack avenues are likely to increase with the increase in connected devices.
Around 90% of incidents are contained early, according to the report. Therefore, early detection and response capabilities and tools are becoming more important. Cyber breaches that are not detected and contained early can be as much as 1,000 times more expensive than those that are, the report highlighted.