Ransomware attacks are becoming more targeted, with greater ransoms being sought

The increased risk of huge losses from ransomware could take it beyond data theft as the leading cyber loss maker.

Ransomware attacks are increasing each year, which Thomas Harvey, senior product manager of RMS cyber solutions, said was due to the easy availability of ransomware to buy on the dark web.

Tom-Harvey-8x10

While data theft remains the leading loss maker for insurers and reinsurers among cyber, Harvey warned more attackers were changing their ransomware approach from a “spray and pay” approach across thousands of accounts to a more targeted approach – demanding more money from a single victim.

Attackers are targeting larger companies they believe to be more likely to pay and asking for hundreds of thousands of dollars, rather than seeking many smaller payments.

“Cumulatively taken across the year, data theft still has the largest financial impact. However increasingly in ransomware type events, as the amount of dollar is increasing in the ransom being asked for, and the sophistication of the ransomware increases, there is potential that looking forward that trend might turn towards ransomware,” Harvey said.

Harvey said advances in cyber defences, along with firms implementing processes like two-factor authentication, had seen reduction in accidental cyber loss, such as when data is accidentally disclosed on the web or a laptop is lost.

“Defences are good for mitigating the low-sophistication or accidental events, but the big skilful attackers will still attack you should they choose to,” Harvey warned.

The economic impact on the economy last year of cyber attacks overall is estimated at $600bn.

But looking at the standalone cyber market of what has been insured, Harvey said claims were around $1.5-2bn of insured loss. Further losses have been reported outside of the affirmative market, such as the NotPetya attack last year, incurring around $3bn in losses.

Harvey said re/insurers were worried about the potential of a costly cyber physical attack looking forward.

“That could happen tomorrow, next year or in ten years, but if something does happen it has the potential to be very large,” he added.

Topics