This year has seen a “worrying resurgence” in ransomware and extortion claims, Allianz Commercial warned in a new report. 

Following two years of high but stable loss activity, dangerous online activity is on the rise, according to the insurer.

Hackers are increasingly targeting IT and physical supply chains, launching mass cyber-attacks, and finding new ways to extort money from companies, large and small, it said.

The majority of ransomware attacks now involve the theft of personal or sensitive commercial data for the purpose of extortion, which raises the cost and complexity of incidents while also increasing the potential for reputational damage.  

Allianz Commercial’s analysis of large cyber losses shows the number of cases in which data is exfiltrated is increasing every year – doubling from 40% in 2019 to almost 80% in 2022. This year is significantly higher, the insurer warned.

“Cyber claims frequency has picked up again this year as ransomware groups continue to evolve their tactics,” said Scott Sayce, global head of cyber for Allianz Commercial. 

“Based on claims activity during the first half of 2023, we expect to see around a 25% increase in the number of claims annually by year-end. The attackers are back, and focused again on Western economies, with more powerful tools, enhanced processes, and attack mechanisms. 

“Given this dynamic, a well-protected company is necessary to stand up to the threat and, increasingly, the most important element of this is developing strong detection and fast response capabilities.”

According to Allianz Commercial’s report, Cyber security trends 2023: The latest threats and risk mitigation best practice – before, during and after a hack, the frequency of cyber claims stabilised in 2022, reflecting improved cyber security and risk management actions among insured companies.

The study also found that law enforcement agencies targeting gangs and the Ukraine-Russia conflict helped curtail ransomware activity.  

However, Allianz found that ransomware activity alone was up 50% year-on-year during the first half of 2023. 

Ransomware-as-a-Service (RaaS) kits, with prices starting as low as US$40, continue to be a major driver of attack frequency. Ransomware gangs are also carrying out more attacks more quickly, with the average number of days required to carry one out falling from around 60 days in 2019 to four.

Early detection important

Allianz argued that protecting an organisation against intrusion remains a cat-and-mouse game, in which cybercriminals have the advantage. 

Allianz's analysis of more than 3,000 cyber claims over the past five years showed that external manipulation of systems is the cause of more than 80% of all incidents. 

The report found that threat actors are now exploring ways to use artificial intelligence (AI) to automate and accelerate attacks, creating more effective AI-powered malware, phishing, and voice simulation. 

Allianz Commercial noted a growing number of incidents caused by poor cyber security in mobile devices, and predicted a further rise in mobile attacks. 

The insurer said early detection, response capabilities and tools were more important than ever for businesses. Attacks not tackled early were more difficult and expensive to halt, it said.

“Traditional cyber security has focused on prevention with the goal of keeping attackers out of a network,” said Rishi Baviskar, global head of cyber risk consulting for Allianz Commercial.

“While investment in prevention reduces the number of successful cyber-attacks, there will always be a ‘gap’ remaining that will enable attacks to get through. For example, it is not possible to stop all employees from clicking on increasingly sophisticated phishing emails.”

The underwriting group said companies should direct additional cyber security spend on detection and response, rather than just adding more layers to protection and prevention. 

Only one-third of companies discover a data breach through their own security teams. However, early detection technology is readily available and effective, the group said.

“Detection systems are constantly improving and can save lots of pain, decreasing detection and response times. This is something we look for in our cyber risk assessments and underwriting,” Baviskar added.

Cyber breaches that are not detected and contained early can be as much as 1,000 times more expensive than those that are, the report highlighted.

Allianz Commercial analysis found that early detection and response can stop a €20,000 loss from turning into a €20 million loss.

“Prevention drives frequency of attacks and response is responsible for how significant the loss will be – whether it is a minor IT incident or a corporate crisis,” said Michael Daum, global head of cyber claims for Allianz Commercial.

Daum added:  “We believe companies can meaningfully prepare and there is room for improvement in how they respond to these attacker threats. Ultimately, early detection and response capabilities will be key to mitigating the impact of cyber-attacks and ensuring a sustainable cyber insurance market going forward.”

December 2023