Cyber claims are surging, according to a new report by Allianz Commercial, making detection and response tools increasingly important, they say. “Companies should direct additional cyber security spend on detection and response, rather than just adding more layers to protection and prevention,” say the authors of the Allianz Commercial report, Cyber security trends 2023: The latest threats and risk mitigation best practice – before, during and after a hack. “Early detection technology is readily available and effective.” They add that this is something the company looks for in its cyber risk assessments and underwriting.
Their reasons are compelling: Allianz says cyber breaches that are not detected and contained early can be 1,000 times more expensive than those that are. More, they say analysis shows that the number of cases in which data is exfiltrated – taken from the company – is soaring, as are the number of incidents that are becoming public: The proportion of cases becoming public increased from 60 per cent in 2019 to 85 per cent in 2022. “Following two years of high but stable loss activity, 2023 has seen a worrying resurgence in ransomware and extortion claims as the cyber threat landscape continues to evolve,” the company warns.
The report also looks at how threat actors are now exploring the use of artificial intelligence (AI) to automate and accelerate attacks. The internet of things and skills shortages are also discussed as risks.
Their analysis shows that the number of cases in which data is exfiltrated has doubled from 40 per cent in 2019 to almost 80 per cent in 2022. They say the numbers in 2023 will be significantly higher – the company expects to see a 25 per cent increase in the number of claims annually by the end of 2023.
“The attackers are back and focused again on Western economies, with more powerful tools, enhanced processes and attack mechanisms. Given this dynamic, a well-protected company is necessary to stand up to the threat and increasingly, the most important element of this is developing strong detection and fast response capabilities,” says Allianz’ global head of cyber, Scott Sayce.
Ransomware activity was up 50 per cent in the first half of 2023. Ransomware-as-a-Service (RaaS) kits, available to buy for as little as $40/month, remain a key driver in the frequency of attacks, they add.
“Ransomware gangs are also carrying out more attacks faster, with the average number of days taken to execute one falling from around 60 days in 2019 to four,” they state.