has the potential to be another year of high claims frequency, as cyber claims historically have occurred
            predominantly in the third and fourth quarters of the year.

            Despite the efforts of law enforcement agencies, the frequency of ransomware attacks remains high, as
            does related claims activity. Ransomware attacks hit a record 623 million in 2021, double the number in
            2020 and a 232% increase since 2019. Despite a 23% reduction in frequency at the start of this year, the
            number of ransomware attacks globally in the first half of 2022 still exceeded full-year totals of 2017,
            2018 and 2019, according to SonicWall’s Cyber Threat Report, while Europe actually recorded a 63%
            surge in ransomware attacks in the first half of 2022. Meanwhile, ransomware is forecast to cause $30bn
            in damages to global organizations by 2023, remaining the top cyber threat to enterprises as well as
            governments, according to cyber protection industry estimates.

            There is no denying that cyber extortion, and ransomware, has become big business. Ransomware-as-
            a-service (RaaS), which gives cyber criminals access to ransomware tools and support services, has
            lowered the barriers to entry and enabled criminals to scale up their efforts and ramp up their attacks.
            With average ransom demands in 2021 in the millions and RaaS kits costing as little as $40 per month,
            cyber criminals can make huge returns with little investment or technical expertise from ransomware
            attacks.

            On a positive note, there are some signs, however, that risk management actions taken by insured
            companies are beginning to take effect, yet overall the frequency and severity of ransomware and cyber
            extortion claims for AGCS has increased significantly in recent years.



            Rising severity: Double extortion is now the norm

            The  severity  of  ransomware  claims  continues  to  rise  year-on-year  as  gangs  employ  increasingly
            sophisticated  attack  tools  and  extortion  techniques.  The  value  of  ransomware  claims  globally  has
            increased significantly since 2019, accounting for well over 50% of all cyber claims costs that AGCS has
            been involved in together with other insurers over the past two years and remains a significant cost driver
            through 2022 to date. Business interruption, restoration costs and expert fees are the main loss drivers
            in a ransomware event.

            In  a  traditional  ransomware  attack,  criminals  infiltrate  a  network  and  use  malware  to  encrypt  files,
            demanding a ransom in return for its restoration. A double extortion attack, however, also involves the
            theft of sensitive data, which is then used as leverage for extortion. By exfiltrating data, criminals can
            make ransom demands of companies even if they successfully restore data from backups.


            Triple extortion goes one step further, with criminals making extortion demands of business partners,
            customers, or suppliers that may be affected by data stolen in the initial attack.  Double and triple extortion
            adds to the cost of a ransomware attack, as well as introducing an element of third-party liability.












            Cyber Defense eMagazine – December 2022 Edition                                                                                                                                                                                                         57
            Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.