Extortion driven cyberattacks remain a significant factor in 2023, but there are indications targeted companies are starting to resist paying cybercriminals.

The Resilience Mid-Year 2023 Claims Report highlights a shift in the cybercrime industry with companies become more resistant to extortion demands while the cybercriminals are adjusting their tactics to bypass security controls by hitting critical vendors while seeking larger targets.

The MOVEit attacks in May 2023 – which hit the file transfer platform that is used by organisations worldwide – suggests ransomware groups are now scaling attacks through vendors.

The shift in data noted by Resilience, a Silicon Valley-based enterprise cyber risk startup dedicated to creating a new generation of cyber resilient businesses, demonstrates how suddenly the threat landscape evolves. This directly affects the insurance market, as clients feel the impact through incidents, and insurers see a rise in claims.

 Vishaal Hariprasad, CEO & Co-Founder of Resilience, said: “Ransomware remains a top concern for our clients, with data from firms like Chainalysis showing 2023 is on track to be one of the most active years on record. However, ransomware risk can be mitigated to the point that victims can choose not to pay a ransom.”

In the UK, 39% of businesses reported suffering a cyberattack in 2022 and understanding the changes in cybercriminal activity can help organisations better prepare their security to limit financial damages and criminal profits.

When Resilience’s claims data is overlapped with data from ransomware incident response partner Coveware, blockchain analytics firm Chainanalysis, security partner Zscaler, and security firm Sophos, five key findings that impact both network defenders and the cyber insurance industry at large can be identified:

• Ransomware notices comprised 16.2% of  total claims in H1 2023, but only 15% of Resilience clients who experienced an extortion incident in this timeframe chose to pay to resolve an incident. This is less than half of the 2023 average rate of 39.5% observed by Coveware for the same period and is down from 21.4% for Resilience Clients in 2022.
• Data from blockchain intelligence provider Chainalysis shows that ransom costs continue to increase despite the decline in total payments made. This potentially indicates a return to “big-game hunting” tactics as criminal actors focus on bigger targets.
• The MOVEit attacks in May this year signalled ransomware tactics evolving towards targeting third-party vendors to scale their attacks. As of Q1 2023, phishing attacks are clients’ number one point of failure.
• Threat actors are pivoting their approach to a new encryption-less extortion tactic, threatening to release sensitive data publicly. In Q1 of 2023, ransomware-related losses comprised 17.8% of claims notices.
• While financial services have always been a target for cybercrime, healthcare-related companies make up the largest proportion of Resilience claims notices at 20.4% as of Q1 2023. However, in Q2 of 2023, manufacturing accounted for 39% of claims notices, dwarfing the traditional targets of finance and healthcare.

Further cause for concern has been raised by Check Point Research (CPR), the Threat Intelligence arm of Check Point® Software Technologies Ltd, in their 2023 Mid-Year Security Report which show an 8% increase in global weekly cyberattacks in the second quarter – the most significant increase in two years.

The report  highlights how attackers have combined next-gen AI technologies with long-established tools like USB devices to conduct disruptive cyberattacks to evade defensive measures. Ransomware attacks have also escalated in the first half of the year with new  groups being identified.

Cyber policies offered by W Denis provide more than just insurance, they are inclusive of additional services which help to mitigate the impact of a data breach/hack etc, including PR services to manage the crisis, forensics to investigate the root cause and expertise to eradicate the issue. Locked systems and ransomware can be catastrophic to a business and even with the opportunity to negotiate on potential payments, prudent risk managers procure comprehensive cyber insurance in order to access the wide range of support services to help the business in the event of a claim.

To discuss this further with a broker at W Denis, please make arrangements with Daniel Moss at daniel.moss@wdenis.co.uk or on 0044 (0)113 2439812 or contact Mark Dutton at mark.dutton@wdenis.co.uk or on 0044 (0) 7831 366 469