Uptick in ransomware highlights need for better detection and response tools

New report looks into large cyber losses and their climbing costs for firms

Uptick in ransomware highlights need for better detection and response tools


By Kenneth Araullo

Allianz Commercial has issued a new report warning of a concerning resurgence in ransomware and extortion claims in 2023.

This development follows two years of relatively stable but high loss activity, with the evolving cyber threat landscape seeing hackers increasingly target both IT and physical supply chains. Dark web groups have also launched mass cyber-attacks and devised new methods of extorting money from businesses of all sizes.

A significant shift in ransomware attacks involves the theft of personal or sensitive commercial data for extortion purposes, leading to increased costs, complexity, and potential reputational damage. In the insurer’s analysis of large cyber losses, it was revealed that the number of cases involving data exfiltration has doubled from 40% in 2019 to nearly 80% in 2022, with 2023 showing a significant rise.

Allianz Group global head of cyber centre of competence Scott Sayce said that the company expects to see a 25% increase in cyber claims annually by the end of the year, highlighting a necessity for developing strong detection and fast response capabilities.

Ransomware risk evolution

The Allianz Commercial report, “Cyber security trends 2023: The latest threats and risk mitigation best practice – before, during and after a hack,” notes that cyber claims frequency stabilised in 2022, indicating improved cyber security and risk management among insured companies. Law enforcement efforts against cybercriminals, along with factors like the Ukraine-Russia conflict, contributed to a decrease in ransomware activity.

However, the first half of 2023 saw a 50% year-on-year increase in ransomware activity. Ransomware-as-a-Service (RaaS) kits, with prices starting at just $40, remain a driving force behind these attacks. Ransomware gangs are also executing attacks faster, with the average time to launch a ransomware attack decreasing from around 60 days in 2019 to just four days.

“Double and triple extortion incidents – using a combination of encryption, data exfiltration and distributed denial of service attacks – to obtain money are not new but they are now more prevalent,” said Michael Daum, global head of cyber claims at Allianz Commercial. “Several factors are combining to make data exfiltration more attractive for threat actors. The scope and amount of personal information being collected is increasing, while privacy and data breach regulations are tightening globally. At the same time, the trends towards outsourcing and remote access leads to more interfaces for threat actors to exploit.”

Double and triple extortion incidents, involving a combination of encryption, data exfiltration, and distributed denial of service (DDoS) attacks, are becoming more prevalent. Several factors contribute to the increased attractiveness of data exfiltration for threat actors, and there is a growing amount of personal information collected, tightening privacy and data breach regulations globally, and a trend towards outsourcing and remote access. These factors create more opportunities for threat actors to exploit interfaces.

In the past, the number of cyber incidents made public was relatively low. However, with data exfiltration, hackers are now threatening to publish stolen data online. Allianz Commercial's analysis of large cyber losses (€1 million+) shows that the proportion of cases becoming public increased from around 60% in 2019 to 85% in 2022, with 2023 expected to be even higher.

Companies facing the public disclosure of stolen data may feel pressured to pay ransoms, with the report finding that the number of companies paying a ransom has increased year-on-year, from 10% in 2019 to 54% in 2022, based on analysis of large losses only (€1 million+). However, paying a ransom for exfiltrated data does not necessarily resolve the issue, as the company may still face third-party litigation for data breaches, especially in the United States.

The importance of early detection and fast response

Preventing cyber-attacks is becoming increasingly challenging, as threat actors explore new methods, including artificial intelligence, to automate and accelerate attacks. This, combined with the rise in connected mobile devices, underscores the importance of early detection and fast response capabilities and tools.

Allianz's analysis of more than 3,000 cyber claims over the past five years shows that over 80% of all incidents are caused by external manipulation of systems. Companies are advised to allocate additional cyber security spend on detection and response rather than adding more layers to protection and prevention.

“Prevention drives frequency of attacks and response is responsible for how significant the loss will be – whether it is a minor IT incident or a corporate crisis. We believe companies can meaningfully prepare and there is room for improvement in how they respond to these attacker threats. Ultimately, early detection and response capabilities will be key to mitigating the impact of cyber-attacks and ensuring a sustainable cyber insurance market going forward,” Daum said.

What are your thoughts on this story? Please feel free to share your comments below.


Related Stories

Keep up with the latest news and events

Join our mailing list, it’s free!