The share of policyholders who filed a cyberattack claim jumped by 50% from the first half of 2020 compared to the first half of 2021, according to a new report by cyber insurer Coalition.
An increasing number of attacks were made against smaller organizations, while both the amount of ransom demanded and the amount stolen through fund transfer fraud more than doubled, the company said.
“It’s clear that ransomware and other cyber crimes have escalated considerably in the past year,” stated said Joshua Motta, chief executive officer and co-founder of Coalition. “Bad actors are targeting everything from critical infrastructure to the corner store.”
To compile the report, Coalition analyzed claim data from January through June 2021 from its 50,000 policyholders in the United States and Canada and compared the frequency and severity of claims to data from the first half of 2020.
The report says 2.4% of Coalition customers filed a cyber claim in the first half of 2021 compared to 1.6% in the first half of 2020. The frequency of claims against policyholders with fewer than 250 employees jumped 57% during that period.
Coalition said the analysis shows that cyber criminals seized an opportunity created by the COVID-19 pandemic when employees began working remotely, often using Microsoft Remote Desktop (RDP) to connect to their home offices. Left exposed to the internet, those access points became favorite targets for criminals.
“Many companies failed to recognize that what makes it easier for their employees to access accounts and sensitive information also makes it easier for hackers to target and access the same information,” the report says.
“Criminals seized the opportunity, increasing the sophistication of their operations and evolving their tactics with precision. They started targeting new industries, smaller businesses, and smaller pockets.”
The number of organizations that were RDP enabled when they applied for insurance with Coalition nearly doubled from the first half of 2020 to 2021, the insurer said. The rate of policyholders who experienced a claim due to exposed RDP also increased from 29% to 40%, and the severity of these incidents increased by 103%.
Remote work also led to more electronic fund transfers, creating opportunities for hackers to use social engineering and phishing to steal money. The Coalition said the average funds transfer fraud claim was $247,000 in the first half of 2021, compared to $215,000 in the first half of 2020 and $88,000 in the first half of 2019.
Coalition said electronic fund transfers and ransomware attacks make up 50% of claims.
When hackers succeeded in planting ransomware on policyholder servers, they demanded far more from policyholders. Coalition said the average ransomware demand increased from $444,489 in the first half of 2020 to $1,304,743 in the second half of that year, and then dropped slightly to $1,193,159 in the first half of 2021.
But hackers didn’t always get that money. Coalition said the average severity of ransomware claims dropped to $184,000 in the first half of 2021 compared to $339,000 in the second half of 2020 and $284,000 in the first half of 2020. The company said it was able to negotiate with ransomware hackers to reduce the amount of their demands.
The report says, however, that ransomware attacks won’t go away as long as criminals keep finding ways to take organizations’ data hostage. Coalition said it has seen the emergence of ransomware as a service, which allows criminals with limited technical expertise to try their hand at cyber extortion.
“A RaaS kit may include 24/7 support, bundled offers, user reviews, and forums like legitimate SaaS companies,” the company said.
The report cites data from security firm Coveware that 70% of ransomware attacks impact organizations with fewer than 1,000 employees, which may be more vulnerable to attacks.
*This story ran previously in our sister publication Insurance Journal.