An increase in ransomware attacks in 2023 is challenging companies' cyber security defenses according to a new report by Allianz Commercial.
The new report Cyber security trends 2023 - The latest threats and risk mitigation best practice – before, during and after a hack from Allianz Commercial published in October 2023 reflects an increase in ransomware attacks so far this year and reveals that hackers are increasingly favouring supply chain attacks to maximize leverage, while the number of large cyber losses involving data exfiltration has surged.
Allianz Commercial global head of cyber Scott Sayce said the number of cyber insurance claims is on track to close the year 25% higher after the level of claims stabilized in 2022. With ransomware activity up 50% during the first half of 2023, claims are set to rise above 2022 levels.
Mr. Sayce said, “The attackers are back and focused again on Western economies with more powerful tools, enhanced processes, and attack mechanisms. Given this dynamic, a well-protected company is necessary to stand up to the threat and, increasingly, the most crucial element of this is developing strong detection and fast response capabilities.”
The report said, “Most ransomware attacks now involve the theft of personal or sensitive commercial data for the purpose of extortion, increasing the cost and complexity of incidents, as well as bringing greater potential for reputational damage.
The report notes that ransomware-as-a-service attacks are driving the increased frequency of attacks in 2023, while ransomware gangs are carrying out attacks at a faster rate, taking on average four days to execute an attack.
Several factors are combining to make data exfiltration more attractive for threat actors. The scope and amount of personal information being collected is increasing, while privacy and data breach regulations are tightening globally. At the same time, the trends towards outsourcing and remote access leads to more interfaces for threat actors to exploit.
Companies should channel additional cyber security investment in detection and response, rather than add more layers to protection and prevention. Cyber attacks that are undetected and contained early can multiply the cost of a breach by as much as 1,000.