According to a report released by Allianz Global Corporate & Specialty (AGCS), global cyberattacks skyrocketed in a ransomware-triggered digital pandemic during the COVID-19 crisis.
In addition, the report finds that business interruption and recovery costs are the leading cause of financial loss for businesses.
An AGCS analysis of cyber damage over the past six years shows that business interruption and recovery costs account for over 50% of the value of nearly 3,000 cyber damage claims in the insurance industry, valued at around €750 million (US$885 million). (AGCS started taking out cyber insurance in 2013.)
“The average total cost of recovery and downtime – an average of 23 days – after a ransomware attack more than doubled over the past year, increasing from $761,106 to $1.85 million in 2021,” said the AGCS Cyber Insights Report, entitled “Ransomware Trends: Risks and Resilience,” published last month.
“When it comes to cyber business interruptions, timing is everything. If you pay a ransom note after a week, the loss has already crystallized and the cost of recovery is already underway. For example, the cost of hiring forensic scientists and response consultants can be as high as $2,500 a day and easily reach seven figures,” commented Rishi Baviskar, Global Cyber Experts Leader, Risk Consulting, AGCS, as quoted in the report.
“Malware attacks that encrypt corporate data and systems and require a ransom to be paid for release are on the rise worldwide,” said a press release attached to the report.
As an indicator of this increase, AGCS cited a report from Accenture which found that cyber-penetration activity increased 125% globally in the first half of 2021 compared to the same period in 2020, with ransomware and extortion operations being the two largest contributors to this three-digit increase.
Additionally, there was a 62% increase in ransomware incidents in the US in the first six months of 2021, following a 20% increase in the number of incidents for all of 2020 and a 225% increase in ransom demands, the AGCS report said, citing statistics from the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA).
AGCS said these cyber risk trends are reflected in their own claims experience. AGCS recorded more than 1,000 cyber claims in total in 2020, up from around 80 in 2016. In addition, it received 90 ransomware claims in 2020, a 50% increase from 2019 (when it received 60 claims).
This trend continued in 2021 with more than 500 total cyber claims received by AGCS in the first half of the year.
“Losses due to external incidents such as Distributed Denial-of-Service attacks (DDoS) and ransomware campaigns account for the majority of the cyber claims value (81%) that AGCS has analyzed over the past six years,” it said in the report.
The increasing reliance on digitization, the rise in remote working during COVID-19 and IT budget constraints are just some of the reasons IT vulnerabilities have increased, the report said, explaining that there are now myriad access points that criminals can take advantage of.
In addition, the wider adoption of cryptocurrencies like Bitcoin, which enables anonymous payments, is another key factor behind the rise in ransomware incidents, AGCS said in the press release.
Bitcoin, which is estimated to make up around 98% of ransomware payments, is relatively easy to acquire and use, while payments are verifiable, the report said. “Transactions can also be carried out anonymously, so that perpetrators can keep their identity secret.”
Cryptocurrencies are “the weak link that enables criminals to bypass traditional institutions and hide behind the anonymity built into the technology,” said Thomas Kang, Head of Cyber, Tech and Media, North America at AGCS, who was quoted in the report. “Stricter enforcement and compliance with ‘know your customer’ and anti-money laundering laws could, however, help disrupt the ransomware business model.”
The report identifies the main trends in the current ransomware space:
• Development of ransomware as a service (RaaS). RaaS has made it easier for criminals to carry out attacks. Hacker groups like REvil and Darkside, which operate like commercial companies, sell or rent their hacking tools to others. They also offer a range of support services. As a result, there are many more malicious threat actors at work. “With a subscription as low as $40 per month, successful attacks can generate many thousands of dollars in ransomware payments.”
• Increase in double and triple extortion tactics. “Double extortion” tactics are on the rise. Criminals combine the initial encryption of data or systems or, increasingly, their backups with a secondary form of extortion, such as the threat to release sensitive or personal data. In such a scenario, affected organizations must cope with both the possibility of a major business interruption and a data breach, which can significantly increase the end cost of the incident.
“Triple extortion” incidents can combine distributed denial-of-service (DDoS) attacks, file encryption and data theft, and can affect not only a company but potentially also its customers and business partners. One notable case cited in the report was a psychotherapy clinic in Finland that received a ransom demand, while smaller sums of money were also demanded from patients, who received individual ransom demands by email. “The attackers threatened to post the therapists’ meeting notes unless they paid a ransom.”
• Increasing attacks on the supply chain. “There are two main types [of supply chain attacks] – those that target and use software/IT service providers to spread the malware and those that target physical supply chains such as critical infrastructures.” Examples of attacks targeting software/IT service providers were the Kaseya and Solarwinds attacks, while an example of a physical attack on the supply chain was the Colonial Pipeline attack, the largest cyberattack on US oil infrastructure to date. The report found that service providers are likely to become major targets as they often provide software solutions to hundreds or thousands of companies and therefore offer criminals a chance for a higher payout.
• Soaring ransom demands. Ransom demands have skyrocketed over the past 18 months, the report said, noting that the average U.S. extortion demand was $5.3 million for the first half of 2021, up 518% from the 2020 average. The report quoted cybersecurity firm Palo Alto Networks as saying the peak demand was $50 million, up from $30 million last year.
To pay or not to pay ransom demands
The AGCS report highlighted that cyber ransom payment is controversial. “Law enforcement agencies typically advise against paying extortion charges, which could fuel the problem and potentially encourage further attacks in the future,” it said.
“Paying a ransom is also no guarantee that a company can quickly get its files and restore its systems. In many cases, by the time the ransom is paid, the damage is already done, and most organizations have already lost revenue and incurred the cost of restoring files and systems,” the report continued.
“Even if a company pays a ransom, it takes a lot of effort to restore files and get systems working again. This is a huge undertaking even if you have a decryption key,” said Marek Stanislawski, AGCS Global Cyber Underwriting Lead, in the report.
The report said the ransomware pandemic in recent years has caused a major shift in the cyber insurance market “as shippers and insured parties seek to mitigate the increasing frequency and severity of attacks and the resulting cyber insurance claims.”
As a result of these claims trends, cyber insurance rates have risen and capacity has become scarcer. US rates rose more than 50% in the second quarter of 2021 alone, AGCS said, citing a Marsh report.
“The underwriters review the cybersecurity controls in place by companies and assess the risks accordingly,” says the AGCS report, noting that three out of four companies do not meet AGCS’ cybersecurity requirements.
“As an insurer, we must continue to work with our customers using a combination of policy and service improvements to help companies understand the need to strengthen their controls,” said Scott Sayce, AGCS Global Head of Cyber and Global Head of Cyber Competence Center for AGCS and the Allianz Group, in the report.
“Not all ransomware attacks are targeted. Criminals also use savage scattergun approaches to take advantage of companies that don’t address or understand the vulnerabilities they may have,” he added.
Companies that take steps to prevent attacks and mitigate the impact will be far less likely to fall victim to ransomware, the report confirmed.
Business interruption in the event of cyber profit loss