Page 57 - Cyber Defense eMagazine December 2022 Edition
has the potential to be another year of high claims frequency, as cyber claims historically have occurred
predominantly in the third and fourth quarters of the year.
Despite the efforts of law enforcement agencies, the frequency of ransomware attacks remains high, as
does related claims activity. Ransomware attacks hit a record 623 million in 2021, double the number in
2020 and a 232% increase since 2019. Despite a 23% reduction in frequency at the start of this year, the
number of ransomware attacks globally in the first half of 2022 still exceeded full-year totals of 2017,
2018 and 2019, according to SonicWall’s Cyber Threat Report, while Europe actually recorded a 63%
surge in ransomware attacks in the first half of 2022. Meanwhile, ransomware is forecast to cause $30bn
in damages to global organizations by 2023, remaining the top cyber threat to enterprises as well as
governments, according to cyber protection industry estimates.
There is no denying that cyber extortion and ransomware have become big business.
Ransomware-as-a-service (RaaS), which gives cyber criminals access to ransomware tools and support services, has
lowered the barriers to entry and enabled criminals to scale up their efforts and ramp up their attacks.
With average ransom demands in 2021 in the millions and RaaS kits costing as little as $40 per month,
cyber criminals can make huge returns with little investment or technical expertise from ransomware
attacks.
On a positive note, there are some signs that risk management actions taken by insured
companies are beginning to take effect. Overall, however, the frequency and severity of ransomware and cyber
extortion claims for AGCS have increased significantly in recent years.
Rising severity: Double extortion is now the norm
The severity of ransomware claims continues to rise year-on-year as gangs employ increasingly
sophisticated attack tools and extortion techniques. The value of ransomware claims globally has
increased significantly since 2019, accounting for well over 50% of all cyber claims costs that AGCS has
been involved in together with other insurers over the past two years and remains a significant cost driver
through 2022 to date. Business interruption, restoration costs and expert fees are the main loss drivers
in a ransomware event.
In a traditional ransomware attack, criminals infiltrate a network and use malware to encrypt files,
demanding a ransom in return for their restoration. A double extortion attack, however, also involves the
theft of sensitive data, which is then used as leverage for extortion. By exfiltrating data, criminals can
make ransom demands of companies even if they successfully restore data from backups.
Triple extortion goes one step further, with criminals making extortion demands of business partners,
customers, or suppliers that may be affected by data stolen in the initial attack. Double and triple extortion
add to the cost of a ransomware attack and introduce an element of third-party liability.
Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.