During the COVID-19 crisis, global cyber attacks skyrocketed into a digital pandemic driven by ransomware, according to a report released by Allianz Global Corporate & Specialty (AGCS).
In addition, the report notes, business interruption and restoration costs are the main causes of financial losses for businesses.
An AGCS analysis of all of its cybercrime claims, observed over the past six years, finds that business interruption and attack recovery costs represent more than 50% of the value of nearly 3,000 cyber claims from the insurance industry valued at approximately 750 million euros ($885 million). (AGCS started purchasing cyber insurance in 2013.)
“The average total cost of recovery and downtime – averaging 23 days – from a ransomware attack has more than doubled in the past year, from $761,106 to $1.85 million in 2021,” said AGCS’ cyber insights report, titled “Ransomware Trends: Risks and Resilience.” (See the related article, which lists AGCS’ recommendations for preventing ransomware attacks.)
“When it comes to cyber business disruption, timing is everything. If you pay a ransom note after a week, the loss has already crystallized and the cost of the restoration is already incurred. For example, the cost of hiring forensic experts and response consultants can reach $2,500 per day and easily reach a seven-figure figure,” said Rishi Baviskar, Global Head of Cyber Experts, Risk Consulting, AGCS, cited in the report.
“Malware attacks that encrypt corporate data and systems and demand ransom payments for their release are on the rise around the world,” said a press release accompanying the report.
As an indicator of this increase, AGCS cited a report by Accenture which found that global cyber intrusion activity jumped 125% in the first half of 2021, compared to the same period in 2020, with ransomware and extortion operations being the two main contributors behind this triple-increase in numbers.
In addition, there was a 62% increase in ransomware incidents in the first six months of 2021 in the United States, which followed a 20% increase in the number of incidents for all of 2020 and a 225% increase in ransom demands, the AGCS report said, citing statistics from the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA).
AGCS said these cyber risk trends are reflected in its own claims experience. AGCS recorded over 1,000 cyber complaints in total in 2020, up from around 80 in 2016. In addition, it received 90 ransomware complaints in 2020, a 50% increase from 2019 (when it received 60 complaints).
This trend continued in 2021 with more than 500 global cyber complaints received by AGCS in the first half of the year, while the number of ransomware requests in the first half of the year already equals the number reported (60) for the whole of 2019.
“Losses resulting from external incidents, such as distributed denial of service (DDoS) attacks and ransomware campaigns, account for the majority of the value of cyber claims (81%) analyzed by AGCS over the past six years,” the report says.
Growing reliance on digitization, the increase in remote working during COVID-19 and IT budget constraints are just some of the reasons IT vulnerabilities have intensified, according to the report, which notes that “there are now countless access points that criminals can exploit.”
In addition, the wider adoption of cryptocurrencies, such as Bitcoin, which allow anonymous payments, is another key factor in the increase in ransomware incidents, AGCS said in the press release.
Bitcoin, which is estimated to account for around 98% of ransomware payments, is relatively easy to acquire and use, while the payments are verifiable, according to the report. “Transactions can also be carried out on condition of anonymity, which allows perpetrators to keep their identities hidden.”
Cryptocurrencies are “the weak link that allows criminals to bypass traditional institutions and hide behind the anonymity built into technology,” said Thomas Kang, Head of Cyber, Tech and Media, North America at AGCS, cited in the report. “Stricter enforcement and compliance with ‘know your customer’ and anti-money laundering laws, however, could help disrupt the ransomware business model.”
The report identifies key trends in the current ransomware space:
- Ransomware as a Service (RaaS) Development. RaaS has made it easier for criminals to carry out attacks. Run as a commercial enterprise, hacker groups such as REvil and Darkside sell or rent their hacking tools to others. They also offer a range of support services. As a result, many other malicious actors are operating. “From a subscription of as little as $40 per month, successful attacks can net several thousand dollars in ransomware payments.” REvil may have collected nearly $100 million in ransoms in the first six months of 2021, according to estimates.
- Double and triple extortion tactics increased. “Double extortion” tactics are on the increase. Criminals combine the initial encryption of data or systems, and increasingly even their backups, with a secondary form of extortion, such as the threat to disclose sensitive or personal data. In such a scenario, affected businesses must manage both the possibility of a major business disruption and a data breach event, which can dramatically increase the ultimate cost of the incident. “Triple extortion” incidents can combine distributed denial of service (DDoS) attacks, file encryption and data theft – and not only target a business, but potentially its customers and business partners as well. One notable case was a psychotherapy clinic in Finland that received a ransom demand. At the same time, smaller sums have also been demanded from patients in exchange for not disclosing their personal information.
- Increase in supply chain attacks. “There are two main types [of supply chain attacks] – those that target software / IT service providers and use them to spread malware and those that target physical supply chains, such as critical infrastructure.” The Kaseya and SolarWinds attacks were examples of attacks targeting IT software / service providers, while an example of a physical supply chain attack was the one that hit Colonial Pipeline, which was the biggest cyber attack against US oil infrastructure to date. The report noted that service providers are likely to become prime targets as they often provide software solutions to hundreds or thousands of businesses and therefore offer criminals the possibility of higher payment.
- Ransom demands soar. Ransom demands have exploded over the past 18 months, according to the report, noting that the average demand for extortion in the United States was $5.3 million in the first half of 2021, an increase of 518% from the 2020 average. The report cites cybersecurity firm Palo Alto Networks, which said the highest claim was $50 million, up from $30 million last year.
To pay or not to pay ransom demands
The AGCS report highlighted that paying cyber ransoms is controversial. “Law enforcement agencies generally advise against paying extortion requests, which is supposed to fuel the problem and potentially incite further attacks in the future,” it said.
“Paying a ransom is also no guarantee that a business will be able to quickly recover its files and restore its systems. In many cases, by the time the ransom is paid, the damage is already done, and most organizations will already have suffered lost revenue and incurred the expense of file and system recovery,” the report continues.
“Even when a company pays a ransom, it takes a huge effort to restore files and get systems back up and running. It’s a huge undertaking, even when you have a decryption key,” said Marek Stanislawski, global head of cyber underwriting at AGCS, in the report.
The report states that the ransomware pandemic of recent years has triggered a major shift in the cyber insurance market, “as operators and policyholders work to mitigate the increasing frequency and severity of attacks and resulting cyber insurance claims.”
As a result, cyber insurance prices have increased and capacity has tightened. U.S. rates rose more than 50% in the second quarter of 2021 alone, AGCS said, citing a report from Marsh.
“Insurers are increasingly monitoring cybersecurity controls used by organizations and assessing risk accordingly,” the AGCS report said, noting that three in four companies do not meet AGCS cybersecurity requirements.
“As insurers, we must continue to work with our clients using a combination of policy and service improvements to help companies understand the need to strengthen their controls,” said Scott Sayce, Global Head of Compliance cybersecurity at AGCS and global head of the cybersecurity competence center for AGCS and the Allianz group, in the report.
“Not all ransomware attacks are targeted. Criminals are also deploying savage approaches to exploit companies that fail to address or understand the vulnerabilities they may have,” he added.
Companies that take steps to prevent attacks and mitigate their impact will be much less likely to fall victim to ransomware, the report says.
Cyber loss of profit