
Allianz Report Finds Companies Need Stronger Controls to Stem Ransomware Tide

No Reason to Hope Ransomware Will Simply Fade Away in the Future, Cyber Insurer Predicts

by Corporate Compliance Insights
October 19, 2021
in Cybersecurity

Multiple factors are pushing ransomware, including growing attack patterns such as double and triple extortion, criminal business models taking advantage of ransomware, cryptocurrencies and a wave of supply chain attacks.

During the COVID-19 crisis, another outbreak took place in cyberspace: a digital pandemic driven by ransomware. In a new report, cyber insurer Allianz Global Corporate & Specialty (AGCS) has analyzed the latest risk developments around ransomware to put the scale of the crisis into perspective.

The increasing frequency and severity of ransomware incidents are driven by several factors, the Allianz report determines:

  • Growing number of different attack patterns such as double and triple extortion campaigns
  • Criminal business model around ‘ransomware as a service’ and cryptocurrencies
  • Recent skyrocketing of ransom demands
  • Rise of supply chain attacks

“The number of ransomware attacks may even increase before the situation gets better,” said Scott Sayce, global head of cyber at AGCS. “Not all attacks are targeted. Criminals also adopt a scattergun approach to exploit those businesses that aren’t addressing or understanding the vulnerabilities they may have. As insurers we must continue to work with our clients to help businesses understand the need to strengthen their controls. At the same time, in today’s rapidly evolving cyber insurance market, providing emergency response services, as well as financial compensation, is now the standard.”

Government and private data indicate that ransomware and other attacks have surged, and these cyber risk trends are mirrored in AGCS’ claims experience. AGCS was involved in more than 1,000 cyber claims overall in 2020, up from about 80 in 2016, the company said. Specifically, the number of ransomware claims (90) rose by 50 percent compared to 2019 (60). Losses resulting from external cyber incidents such as ransomware or distributed denial of service (DDoS) attacks account for most of the value of all cyber claims analyzed by AGCS over the past six years.

Five Ransomware Trends

In the report, AGCS identifies five trends in the ransomware space, although the company points out that cyber criminals are clever and highly adaptable, which means conditions are constantly evolving.

  • Ransomware as a service: Run like a commercial business, hacker groups such as REvil and Darkside sell or rent their hacking tools to others. They also provide a range of support services. As a result, many more malicious threat actors are operating.
  • From single to double to triple extortion: Criminals combine the initial encryption of data or systems, or increasingly even their backups, with a secondary form of extortion, such as the threat to release sensitive or personal data. In such a scenario, affected companies have to manage the possibility of both a major business interruption and a data breach event, which can significantly increase the final cost of the incident. “Triple extortion” incidents can combine DDoS attacks, file encryption and data theft — and don’t just target one company but potentially customers and business partners.
  • Supply chain attacks the next big thing: There are two main types: those that target software/IT services providers and use them to spread the malware (for example, the Kaseya or SolarWinds attacks), and those that target physical supply chains or critical infrastructure, such as the one that impacted Colonial Pipeline. Service providers are likely to become prime targets as they often supply hundreds or thousands of businesses with software solutions and therefore offer criminals the chance of a higher payout.
  • Ransom dynamics: Ransom demands have rocketed over the past 18 months, which could make these attacks more enticing.
  • To pay or not to pay: Ransom payment is a controversial topic. Law enforcement agencies typically advise against paying extortion demands to avoid incentivizing attacks. Even when a company decides to pay a ransom, the damage may have already been done. Restoring systems and enabling the recovery of the business is a huge undertaking, even when a company has the decryption key.

Business Interruption and Recovery Cost Main Drivers of Losses

Business interruption and restoration costs are the biggest drivers behind cyber losses such as ransomware attacks, according to AGCS claims analysis. They account for over 50 percent of the value of close to 3,000 insurance industry cyber claims worth around $885 million the company has been involved in over six years.

The average total cost of recovery and downtime — on average 23 days — from a ransomware attack more than doubled over the past year, increasing from $761,106 to $1.9 million in 2021.

The surge in ransomware attacks in recent years has triggered a major shift in the cyber insurance market. Cyber insurance rates have been rising, according to broker Marsh, while capacity has tightened. Underwriters are placing increasing scrutiny on the cyber security controls employed by companies.

