Cyber losses are increasing in frequency and severity

Cyber attacks have increased in number and severity since the onset of the pandemic. The changes organizations implemented to facilitate remote work have given cybercriminals new opportunities to launch campaigns exploiting mass uncertainty and fear.

Ransomware attack severity increases

In fact, since the beginning of COVID-19, Coalition observed a 47% increase in the severity of ransomware attacks, on top of a 100% increase from 2019 to Q1 2020.

Researchers also found that newer strains of ransomware have been particularly malicious, with costly ransom demands and criminal actors threatening to expose an organization’s data if they don’t pay the ransom demand. They report that the average Maze demand is approximately six times larger than the overall average ransom demand.

Funds transfer fraud and social engineering

Since the beginning of the pandemic, researchers also reported a 35% increase in funds transfer fraud and social engineering claims filed by their policyholders. Reported losses from these types of attacks have ranged from the low thousands to well above $1 million per event.

Additionally, COVID-19 has resulted in a notable surge of business email compromise. Coalition observed a 67% increase in the number of email attacks during the pandemic.

Coalition’s findings indicate that ransomware (41%), funds transfer loss (27%), and business email compromise incidents (19%) were the most frequent types of loss — accounting for 87% of reported incidents and 84% of claims payouts in the first half of 2020. Digging deeper into what ultimately caused these claims, Coalition found that:

• Due to the transition to remote work, exploitation of remote access was the root cause of reported ransomware incidents
• Email intrusion, invoice manipulation, and domain spoofing were the most common attack techniques for funds transfer fraud incidents
• Organizations that use Outlook for email were more than three times as likely to experience a business email compromise as compared to organizations that use Gmail

“When it comes to cyber loss, the conventional wisdom is that it’s not ‘if’ it will happen, but ‘when’,” said Joshua Motta, CEO, Coalition. “We’re in a heightened state of cyber vulnerability: human errors are more likely to be made remotely, new technology is being deployed on a daily basis to support remote work setups, and cybercriminals are taking advantage.”

The report also shows that criminal actors target organizations of all sizes. While larger organizations in the sample (with revenues of $100M-$250M) were five times as likely to experience claims as small organizations (with revenues under $10M), the severity of losses was often well into six figures, regardless of the organization’s size. This highlights the disproportionate financial impact of cyber incidents on small businesses.