In a recent report, Allianz Commercial has sounded the alarm on a sharp resurgence in ransomware and extortion claims, cautioning businesses to bolster their cybersecurity defenses.
The report underscores the evolving nature of cyber threats, with hackers targeting both IT and physical supply chains, employing mass cyber-attacks, and exploiting new avenues for extortion.
Most notably, ransomware attacks increasingly involve data exfiltration, making them more costly, complex, and damaging to a company’s reputation.
The report reveals that the number of cases involving data exfiltration has doubled from 40% in 2019 to nearly 80% in 2022, and this trend is expected to continue in 2023.
Scott Sayce, Global Head of Cyber at Allianz Commercial, notes, “Cyber claims frequency has picked up again this year as ransomware groups continue to evolve their tactics,” projecting a 25% annual increase in claims by year-end based on first-half 2023 activity.
One key driver behind this surge is the prevalence of Ransomware-as-a-Service (RaaS) kits, with attackers executing attacks faster, reducing the average time from around 60 days in 2019 to just four days.
The report also highlights the growing threat of double and triple extortion incidents, combining encryption, data exfiltration, and Distributed Denial of Service attacks to extract money.
With an increasing amount of personal data collected and tightening data breach regulations, data exfiltration can significantly add to the cost of a cyber claim.
In response to this evolving threat landscape, companies are urged to prioritise bolstering their detection and response capabilities. Early detection and response tools are emphasised as a vital component of cyber security, as they can reduce the impact and cost of a cyber-attack.
The report emphasises that companies should invest in these tools, as breaches that go undetected and uncontained can be up to 1,000 times more expensive than those that are swiftly addressed.
“Prevention drives frequency of attacks and response is responsible for how significant the loss will be – whether it is a minor IT incident or a corporate crisis,” says Michael Daum, Global Head of Cyber Claims, Allianz Commercial.
“We believe companies can meaningfully prepare and there is room for improvement in how they respond to these attacker threats. Ultimately, early detection and response capabilities will be key to mitigating the impact of cyber-attacks and ensuring a sustainable cyber insurance market going forward.”
