Ransomware will continue to evolve in 2022

Cybercrime is estimated to have cost as much as $6 trillion in 2021 and criminal gangs and state-sponsored attackers become more more targeted and sophisticated in their MO, resulting in major attacks against Colonial Pipeline, Kaseya and SolarWinds among others.

The shift towards remote and hybrid working and cloud-hosted infrastructure has also offered new scope to exploit vulnerabilities and discover new attack vectors. 

As organisations review their cyber risk management strategies against this backdrop and the reality of a hard cyber insurance market, the cyber criminal landscape will continue to develop. 

This is according to Raf Sanchez, head of Cyber Services at Beazley. “Despite the efforts of various stakeholders in the risk management space, from private organisations to insurers, ransomware will continue to be a persistent and evolving threat in the coming year, making a layered defence including technical and operational measures backed by robust cyber insurance cover essential.”

He notes the relatively unexpected impact of many cyber incidents is the knock on damage to reputation and goodwill: ”Whilst many organisations know to expect short-term technical and operational impacts, we find they are often un-prepared for the longer lasting impact on their reputation.”

“This is because many incidents are notifiable not just to regulators but often must be disclosed to clients (who have inserted mandatory notification obligations into supply contracts). Also, staff may find out about these incidents when they are asked to help remediate them or if they are impacted themselves, for example, if payroll is delayed.”

”We expect an increase in D&O claims linked to cyber-attacks in the coming year and also expect an increase in third-party litigation arising out of cyber events.”

Sanchez warns that lockdown restrictions will continue to shape the threat landscape moving foward. “With many organisations stating that hybrid and remote work is here to stay, attackers are continuing to exploit this attack vector even more efficiently so the requirement for cyber insurance that protects against malicious attacks has dramatically increased and will continue to do so.”

“I predict that the cyber-criminal landscape will continue to develop over the coming year; the tactics currently being implemented are so effective at generating financial rewards that they are only likely to increase in frequency, innovation and efficacy,” he concludes.

“The specialisation we have seen emerging over the past year, with certain groups of cybercriminals concentrating on specific strategies, will continue.”