Allianz Commercial warns increase in cyber claims, early detection could prevent $21m loss
Data exfiltration surged 80% in 2022 alone, versus the 40% in 2019.
Companies should allocate more cybersecurity spending to detection and response rather than solely focusing on prevention. The report emphasised that early detection and response can prevent a €20,000 ($21,089) loss from becoming a €20m ($21m) one, Allianz Commercial warned.
Data exfiltration, where data is stolen, has risen significantly from 40% in 2019 to almost 80% in 2022 and continues to grow in 2023.
Allianz Commercial also advises about the resurgence of ransomware and extortion claims in 2023, following two years of relatively stable loss activity.
Most ransomware attacks now involve stealing personal or sensitive commercial data for extortion, raising the cost and complexity of incidents and the potential for reputational damage.
"Cyber claims frequency has picked up again this year as ransomware groups continue to evolve their tactics. Based on claims activity during the first half of 2023, we expect to see around a 25% increase in the number of claims annually by year-end,” Scott Sayce, Global Head of Cyber at Allianz Commercial, noted.
“The attackers are back, and focused again on Western economies, with more powerful tools, enhanced processes, and attack mechanisms. Given this dynamic, a well-protected company is necessary to stand up to the threat, and increasingly, the most important element of this is developing strong detection and fast response capabilities." Sayce added.
ALSO READ: Business insolvencies witness sharp climb – Allianz Trade
What evolved?
Ransomware risk has evolved due to various factors, including the rise of Ransomware-as-a-Service (RaaS) kits, making attacks more frequent and accessible.
The average time taken to execute an attack has fallen from around 60 days in 2019 to four days in 2023.
Double and triple extortion incidents, involving encryption, data exfiltration, and Distributed Denial of Service attacks, are also becoming more common, as the amount of personal data collected and data breach regulations tighten.
Data exfiltration significantly increases the cost of a cyber claim, with longer resolution times and higher legal and IT forensics expenses.
Mass ransomware attacks have also become more prevalent, targeting multiple companies through software exploits and IT supply chain vulnerabilities.
Public awareness of cyber incidents has grown, with data exfiltration often leading to public exposure.
Companies under pressure to pay ransom have seen an increase in payments, especially when data is exfiltrated, but paying a ransom doesn't guarantee the issue is resolved. Third-party litigation may still occur.
Early detection and fast response are crucial in defending against cyberattacks, as threat actors use artificial intelligence (AI) to automate and accelerate their attacks. While prevention efforts reduce the number of successful attacks, there will always be gaps, making detection and response capabilities vital.