Cyber threats will be defined by greater complexity, a shift in the way actors use stolen data, and a resulting rise in U.S. class actions in the coming year, Beazley reports.
Specialist insurer Beazley has published its latest cyber services snapshot, a report that maps out the cyber security landscape for the coming year based on real-time, global cyber incident data handled by Beazley’s cyber services, including cause of loss by industry, ransomware, business email compromise, and data exfiltration. The cyber services snapshot also includes insights from Beazley’s front-line cyber incident response team around the world.
Fraudulent instruction as a cause of loss grew by 13% in 2022 up from 2021’s data. Small organizations were especially vulnerable to this category of cyber attack. Beazley’s report suggested that organizations invest in educating their employees to spot fraudulent instruction tactics such as spoof emails or domain names.
The cyber services snapshot also warned organizations to be wary of social engineering, bypassing of multi-factor authentication, targeting of managed service providers, and compromising of cloud environments, as these were likely areas of vulnerability in the coming year.
“At first glance, things hardly seem particularly new as we enter 2023,” said Beazley head of U.S. cyber services Russ Cohen. “Threat actors are still using the same kinds of ransomware vectors to attack, and we’re still talking about the same need for education and controls.”
But a look beneath the surface would reveal the “subtle but important” evolution of cyber incidents.
“As bad actors continue to identify and exploit vulnerabilities, the tools you’ve come to count on are not sufficient by default anymore; nor are the same instructions you’ve been giving your team for years,” Cohen said. “In the event of a breach, your organization’s vulnerabilities are greater than ever, and the costs could be higher.”
A symptom of the growing complexities of cyber incidents in the U.S. was the uptick in class actions in 2022, which saw victims filing for damages on the same kind of data breach – cyber extortion with data exfiltration. Beazley believed class actions for data breaches would surge in the U.S. over 2023 as stolen data became more and more accessible online and data privacy concerns rose.
Beazley noted the lack of any singular driver behind cyber extortion. Threat actors hardly need to manipulate data anymore, the cyber services snapshot found; they can simply steal data and distribute it.
“As threat actors bring new sophistication to their techniques and adapt to improved cybersecurity efforts, more and more companies will realize they can no longer count on the default configuration of off-the-shelf IT solutions and tools,” Cohen said.
Beazley continues to provide market-leading support, services, and tools to mitigate its clients’ risk to cyber threats and expedite recovery in case of a breach.
