However, Allianz Commercial data also shows that early detection and response can prevent substantially reduce loss potential.
The company’s analysis of substantial cyber losses reveals an alarming trend of increasing data exfiltration incidents, with the percentage of cases involving data theft doubling from 40% in 2019 to nearly 80% in 2022. This trend has intensified further in 2023.
The report underscores the ever-evolving nature of the cyber threat landscape, emphasizing the need for businesses to remain vigilant and proactive in their cybersecurity measures. As cybercriminals continue to refine their tactics, companies must adapt their defences accordingly to safeguard their data and operations.
Michael Daum, global head of cyber claims at Allianz Commercial, said: “Double and triple extortion incidents — using a combination of encryption, data exfiltration and distributed denial of service attacks — to obtain money are not new, but they are now more prevalent.”
The report paints a concerning picture of the evolving cyber threat landscape, highlighting a surge in ransomware attacks and a growing focus on data exfiltration for extortion purposes. It also reveals that data theft is now a prevalent aspect of most ransomware attacks, significantly increasing the complexity and cost of incident resolution while amplifying the potential for reputational damage.
Despite a relative stabilisation in overall cyber claims during 2022, ransomware activity alone experienced a staggering 50% year-on-year increase in the first half of 2023. This alarming trend is being fuelled by the widespread availability of ransomware-as-a-service kits, with entry-level packages starting at a mere $40. These readily accessible tools are empowering cybercriminals to launch attacks with greater ease and frequency.
The report also reveals that cybercriminals are becoming increasingly sophisticated in their attack methods, significantly reducing the time between initial intrusion and full-scale disruption.
Scott Sayce, global head of cyber at Allianz Commercial, reported that: “Cyber claims frequency has picked up again this year as ransomware groups continue to evolve their tactics.”
He continued: “Based on claims activity during the first half of 2023, we expect to see around a 25% increase in the number of claims annually by year-end. The attackers are back, and focused again on Western economies, with more powerful tools, enhanced processes and attack mechanisms. Given this dynamic, a well-protected company is necessary to stand up to the threat and, increasingly, the most important element of this is developing strong detection and fast response capabilities.”
Cyber attacks becoming increasingly sophisticated
Allianz Commercial found that the average time taken to execute a ransomware attack has plummeted from around 60 days in 2019 to a mere four days in 2023. This rapid escalation highlights the urgency for businesses to adopt robust cybersecurity measures and remain vigilant in detecting and responding to potential threats.
The report findings and recommend that the optimal approach involves a layered cybersecurity system that encompasses not only traditional IT systems but also physical supply chains. Organisations must prioritise the implementation of comprehensive security protocols across their entire operations to effectively mitigate the evolving cyber threat landscape.
Daum added: “More mass cyberattacks can be expected in the future. Companies and their insurers need to better understand the interconnectivity and dependencies that exist between organisations and within digital supply chains.”
Author: Joanna England