The world’s first active insurance company, Coalition, has just released its annual Cyber Claims Report for 2022. Their assessment came to the conclusion that digital risk in the cyber sphere has undergone a severe transformation since the start of the Covid-19 Pandemic. Many businesses were forced to hastily adapt and digitalize their operations but, in so doing, struggled to keep up with their cyber hygiene in the fast-paced cyber sphere. We’ve gathered the report’s insights on cyber claims and attack vectors.
New estimations predict that nearly 65% of the global GDP will be digitalized by the end of 2022, creating a greater risk for theft of digital assets and many lucrative opportunities for the perpetrators of cyber crimes.
Ransomware Still a Major Cyber Claims Concern
The report concludes that, on average, ransom demands continued to increase by 20% to $1.8M throughout the second half of 2021. Simultaneously, claims severity has started to plateau at an increase of only 10%.
Ransom demands increased by 20% to $1.8M
Claims severity increased by 10%
Healthcare organizations, in particular, have fallen victim to ransomware attacks more than any other industry. Ransomware is the most prevalent attack vector so far, with threat actors benefitting from holding their victims’ data, intellectual property, infrastructure, and economic outputs hostage. Additionally, hackers have expanded their tactics, resorting to other attack techniques such as Funds Transfer Fraud (FTF) and Business Email Compromise (BEC). Therefore, no attack vector can be ignored as the threat actors continue to develop new methods.
New US Regulations on Ransomware Payments
Those faced with the decision of whether to give in to the ransom demands of threat actors must also keep in mind the tighter regulations on ransomware payments issued by the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) in September 2021. The United States has updated its Advisory on Potential Sanctions Risk for Facilitating Ransomware Payments, dictating that individuals, companies, and cyber insurance companies face potential sanctions for making a ransom or extortion payment in response to a ransomware attack.
The United States Government seeks to discourage citizens and companies who have fallen victim to a ransomware attack from making extortion payments, as they believe it would only encourage future attacks. Instead, they recommend eliminating the cyber threat by putting a focus on strengthening defensive and resilience measures to prevent and protect against ransomware attacks in the future.
SMEs must watch out for Funds Transfer Fraud
While in previous years small-to-midsized businesses seemed to be of lesser interest to cybercriminals, these organizations are now disproportionately impacted by cyber-attacks. Threat actors have eyed them up because most small businesses have limited capabilities to protect themselves in the cyber sphere. Whether it is due to limited financial capabilities or a lack of awareness, these security gaps have made it much more lucrative for cybercriminals to target smaller organizations.
The assessment by Coalition came to the conclusion that claims severity overall rose by 56% for small organizations under $25m in revenue. This came in addition to a dramatic increase in claims frequency, with a 54% increase in funds transfer fraud attacks and a 40% increase in ransomware attacks.
Funds transfer fraud (FTF) attacks are an easy way to monetize cyber crimes and are considered low-tech attacks. Furthermore, they have been found to target small businesses disproportionately. Social engineering techniques such as phishing or Business Email Compromise (BEC) are the easiest way for threat actors to perpetrate FTF attacks. Simply by accessing your business email, cybercriminals can modify payment instructions and manipulate email contacts, defrauding payments and rechanneling the money into their own pockets, often without even triggering any security alerts.
Cyber claims predictions for the cyber threat landscape in 2022
Predictions forecast that the Cyber Insurance Market is likely to harden in 2021, making it harder for businesses to qualify for Cyber Insurance. On top of that, many governments worldwide are expected to follow the United States in tightening regulations around ransomware demands and setting public frameworks in an effort to mitigate the risk in cyberspace.