After experiencing two years of elevated yet steady loss activity, 2023 witnessed a concerning resurgence in ransomware and extortion losses, reflecting the evolving cyber threat landscape.
Hackers are increasingly targeting both IT and physical supply chains, launching widespread cyber-attacks, and devising new methods to extort money from businesses of all sizes.
Given the heightened risk, our customers and clients consistently rank cyber risk as their foremost concern in the annual Allianz Risk Barometer survey.
In 2023, ransomware claims activity surged by over 50% compared to the previous year. The proliferation of Ransomware-as-a-Service (RaaS) kits, with prices starting as low as US$40, has significantly contributed to the uptick in overall attack frequency.
Cybercriminal gangs are executing attacks at an accelerated pace, with the average time taken to carry out an attack plummeting from approximately 60 days in 2019 to just four days.
Most ransomware incidents now involve the exfiltration of personal or sensitive commercial data, amplifying the cost and complexity of these incidents and posing greater potential for reputational harm.
Analysis of large cyber losses (€1mn+) by Allianz Commercial indicates a rising trend in cases involving data exfiltration, doubling from 40% in 2019 to nearly 80% in 2022, with activity in 2023 showing further escalation.
Protecting organizations against intrusions has become a perpetual challenge, with cybercriminals currently holding the upper hand.
Threat actors are exploring ways to leverage artificial intelligence (AI) to automate and accelerate cyber-attacks, enhancing the efficacy of malware and phishing schemes. This trend is compounded by the proliferation of connected mobile devices and the advent of 5G-enabled Internet of Things (IoT), expanding the avenues for cyber-attacks.
At Allianz, our global team of risk engineers monitors the cyber landscape vigilantly, aiding companies in mitigating emerging risks. Some threats on our radar include:
- The utilization of AI to expedite cyber-attacks
- Vulnerabilities posed by mobile devices in exposing personal and corporate data
- The impact of the cyber security skills shortage on incident frequency and cost
Early detection remains pivotal in combating evolving cyber threats. While prevention measures are crucial, investing in detection and response capabilities and tools is becoming increasingly imperative.
Redirecting resources toward detection and response mechanisms is essential for mitigating the impact of cyber-attacks and sustaining a viable cyber insurance market in the future.
Source: Techeconomy