2016 Ransomware Attacks Against Businesses Multiply Rapidly

Ransomware attacks against businesses will be four times higher in 2016 than last year, with a growing number of ransom-seeking hackers demanding bitcoin rather than money, according to a report by specialty insurer Beazley.

The Beazley Breach Insights report is based on the insurer’s client data breaches in the first nine months of 2016. During that period, Beazley Breach Response (BBR) Services unit managed 1,437 data breaches on behalf of clients compared to 931 breaches during the same period last year.

Overall, hackers are focusing more attention on financial institutions, according to Beazley. In the first nine months of 2016, hacking and malware breaches accounted for 39 percent of the data breaches suffered by financial institutions, up from 26 percent for the comparable period in 2015.

For healthcare providers, human error presents a larger risk. Breaches caused by unintended disclosure represented 40 percent of all healthcare industry incidents in 2016 to date, a sharp rise from 28 percent in the first three quarters of 2015. Beazley analysts said this is connected to the large amount of information shared between organizations in this industry. The report found that 19 percent of healthcare breaches were caused by hacking or malware in 2016, down from 28 percent in 2015.

The ransomware growth trend is particularly evident in the financial services, retail and hospitality sectors, according to the report.

“From what we are seeing, it appears that many hackers are finding it easier to make money by holding companies to ransom for bitcoin than through selling personal data on the dark web,” said Katherine Keefe, global head of BBR Services. “But the persistently high levels of hacking and malware attacks of all kinds are a reminder that organizations across industries, and of all sizes, need actionable plans ready to implement when a breach occurs.”

The breach response unit found that the ransoms sought from target companies remain low, often in the region of $1,000. But they are not the only costs incurred by companies that suffer attacks. Companies that are hit must often also pay for an extensive review of their systems and data to ensure that the malware has been removed and data is clean, according to the specialists at Beazley.

Beazley said its analysis of data breaches also revealed:

• Ransomware attacks are soaring. Beazley’s clients were the targets of more attacks in July and August of 2016 (52) than in all of 2015 (43). Beazley projects it will respond to four times as many ransomware attacks in 2016 as it did last year.
• Hacks are persistent. The proportion of data breaches deriving from hacking and malware attacks in the first nine months of this year across all industries in Beazley’s portfolio stood at 31 percent, in line with the percentage of such incidents observed in 2015 (32 percent).
• Hacking is also a growing menace for higher education. Nearly half of 2016 data breaches at higher education institutions (46 percent) were caused by hacking or malware, up from 38 percent of industry breaches in the first nine months of 2015.
• More than half of the breaches suffered by retailers derive from hacking and malware. The rate of hacking and malware in the retail industry remained high, accounting for 53 percent of all retail data breaches handled by BBR Services in the first nine months of 2016 compared to 51 percent in 2015.

Beazley said it has helped clients handle more than 4,500 data breaches since the launch of its in-house Beazley Breach Response unit in 2009. The BBR Services team coordinates the forensic, legal, notification and credit monitoring services for clients and develops Beazley’s risk management services designed to minimize the risk of a data breach occurring.

Source: Beazley