Double and triple extortion and supply chain attacks are driving the surge in ransomware incidents - AGCS

During the COVID-19 crisis another outbreak has happened in cyber space: a digital pandemic driven by ransomware. Malware attacks that encrypt company data and systems and demand a ransom payment for release are surging globally.

The increasing frequency and severity of ransomware incidents are driven by several factors: the growing number of different attack patterns such as ‘double’ and ‘triple’ extortion campaigns; a criminal business model around ‘ransomware as a service’ and cryptocurrencies; the recent skyrocketing of ransom demands; and the rise of supply chain attacks.

In a new report, Allianz Global Corporate & Specialty (AGCS) analyses the latest risk developments around ransomware and outlines how companies can strengthen their defenses with good cyber hygiene and IT security practices. 

“The number of ransomware attacks may even increase before the situation gets better,” says Scott Sayce, global head of Cyber at AGCS. “Not all attacks are targeted. Criminals also adopt a scattergun approach to exploit those businesses that aren’t addressing or understanding the vulnerabilities they may have.”

“As insurers we must continue to work with our clients to help businesses understand the need to strengthen their controls,” he continued. “At the same time, in today’s rapidly evolving cyber insurance market, providing emergency response services, as well as financial compensation, is now the standard.”

Rising frequency of attacks

Cyber intrusion activity globally jumped 125% in the first half of 2021 compared to the previous year, according to Accenture, with ransomware and extortion operations one of the major contributors behind this increase.

According to the FBI, there was a 62% increase in ransomware incidents in the US in the same period, which followed an increase of 20% for the full year 2020.

These cyber risk trends are mirrored in AGCS’ claims experience. The insurer was involved in over a thousand cyber claims overall in 2020, up from around 80 in 2016; the number of ransomware claims (90) rose by 50% compared to 2019 (60).

In general, losses resulting from external cyber incidents such as ransomware or Distributed Denial of Service (DDoS) attacks account for most of the value of all cyber claims analysed by AGCS over the past six years.

Increasing reliance on digitalisation, the surge in remote working during COVID-19, and IT budget constraints are just some of the reasons why IT vulnerabilities have intensified, offering countless access points for criminals to exploit.

The wider adoption of cryptocurrencies, such as Bitcoin, which enable anonymous payments, is another key factor in the rise of ransomware incidents.

Business interruption and recovery costs drive severity of losses

Business interruption and restoration costs are the biggest drivers behind cyber losses such as ransomware attacks. They account for over 50% of the value of close to 3,000 insurance industry cyber claims, worth around €750mn ($885mn), that AGCS has been involved in over six years.

The average total cost of recovery and downtime – on average 23 days – from a ransomware attack more than doubled over the past year, increasing from $761,106 to $1.85m in 2021.

The surge in ransomware attacks in recent years has triggered a major shift in the cyber insurance market. Rates have been rising, according to Marsh, while capacity has tightened. Underwriters are placing increasing scrutiny on the cyber security controls employed by companies.

“Three out of four companies do not meet AGCS’ requirements for cyber security,” explains Marek Stanislawski, global cyber underwriting lead at AGCS. “Companies need to invest in cyber security. Losses can be avoided if organisations follow best practices. A house with an open door is much more likely to be burgled than a locked house.”

Rishi Baviskar, Global Cyber Experts leader at AGCS Risk Consulting, added: “In around 80% of ransomware incidents losses could have been avoided if the organisations had followed best practices. Regular patching, multi-factor authentication, as well as information security and awareness training and incident response planning are essential to avoiding ransomware attacks and also constitute good cyber hygiene.”

“If companies adhere to best practice recommendations there is a good chance that they will not become ransomware victims. Numerous security gaps can be closed, often with simple measures.”

In the event of an attack, cyber coverage has evolved to provide emergency incident response services that typically include access to a professional crisis manager, IT forensic support and legal advisory.

Further offerings include IT security training for employees and assistance with the development of a cyber crisis management plan.