A new report by Allianz Commercial has sounded the alarm on a significant resurgence of ransomware and extortion claims in 2023. Following two years of relatively stable but high-loss activity, the evolving cyber threat landscape is witnessing hackers increasingly target both IT and physical supply chains, while dark web groups launch mass cyber-attacks and devise new methods to extort money from businesses of all sizes.
A notable shift in ransomware attacks involves the theft of personal or sensitive commercial data for extortion purposes, leading to increased costs, complexity, and potential reputational damage. Allianz’s analysis of large cyber losses reveals that the number of cases involving data exfiltration has doubled from 40% in 2019 to nearly 80% in 2022, with a significant rise projected for 2023.
Scott Sayce, the Global Head of Cyber Center of Competence at Allianz Group, emphasizes the need for strong detection and rapid response capabilities, expecting a 25% annual increase in cyber claims by the end of the year.
Evolution of Ransomware Risk
Allianz Commercial’s report, titled “Cyber Security Trends 2023: The Latest Threats and Risk Mitigation Best Practice – Before, During, and After a Hack,” notes that cyber claims frequency stabilized in 2022, indicating improved cybersecurity and risk management among insured companies. Law enforcement efforts against cybercriminals and factors like the Ukraine-Russia conflict contributed to a decrease in ransomware activity.
However, the first half of 2023 witnessed a 50% year-on-year increase in ransomware activity. Ransomware-as-a-Service (RaaS) kits, starting at just $40, continue to drive these attacks. Ransomware gangs are executing attacks faster, with the average time to launch a ransomware attack decreasing from around 60 days in 2019 to just four days.
The Rise of Double and Triple Extortion
Incidents involving double and triple extortion, which combine encryption, data exfiltration, and distributed denial of service (DDoS) attacks to obtain money, are becoming more prevalent. Several factors contribute to the increased attractiveness of data exfiltration for threat actors, including the growing amount of personal information collected, tightening global privacy and data breach regulations, and the trend towards outsourcing and remote access.
The Growing Threat of Data Disclosure
With data exfiltration, hackers are now threatening to publish stolen data online. Allianz Commercial’s analysis of large cyber losses shows that the proportion of cases becoming public increased from around 60% in 2019 to 85% in 2022, with 2023 expected to be even higher.
Pressure to Pay Ransoms
Companies facing the public disclosure of stolen data may feel compelled to pay ransoms. The report finds that the number of companies paying a ransom has increased year-on-year, from 10% in 2019 to 54% in 2022 (based on the analysis of large losses only, €1 million+). However, paying a ransom for exfiltrated data does not necessarily resolve the issue, as the company may still face third-party litigation for data breaches, especially in the United States.
The Importance of Early Detection and Rapid Response
Preventing cyber-attacks is becoming increasingly challenging, with threat actors exploring new methods, including artificial intelligence, to automate and accelerate attacks. The rise in connected mobile devices underscores the importance of early detection and rapid response capabilities and tools. Allianz’s analysis of more than 3,000 cyber claims over the past five years reveals that over 80% of all incidents are caused by external manipulation of systems.
Companies are advised to allocate additional cybersecurity spending on detection and response rather than adding more layers to protection and prevention. Michael Daum, Global Head of Cyber Claims at Allianz Commercial, emphasizes the significance of early detection and response capabilities in mitigating the impact of cyber-attacks and ensuring a sustainable cyber insurance market going forward.
