FFT and Ransomware Represent Over Half of Cyber Insurance Claims in 2022
Fraudulent funds transfer (FFT) and ransomware were the biggest drivers of financial loss from cybercrime in 2022, accounting for more than 50% of insurance claims, according to figures from Corvus. The insurance company found that FFT and ransomware “are the two most consistent tactics of choice for threat actors,” with FFT representing 28% of cyber claims and ransomware 23% in its all-time figures. However, the average FFT claim is significantly lower than ransomware – $90,000 versus $256,000, respectively. Additionally, over all time, ransomware claims are three-times higher than that of FFT. This is because “FFT incidents do not typically involve costly data restoration, system recovery, business interruption or breach response efforts” that are required following ransomware attacks. Despite this, Jason Rebholz, CISO at Corvus Insurance told Infosecurity that the cyber insurance industry must avoid “tunnel vision” on ransomware, viewing it as the sole threat to organizations. “While the cost of ransomware claims are three times that of fraudulent funds transfer, the higher frequency of other attack vectors like business email compromise (BEC) and FFT could deliver death by a thousand cuts,” he explained. The prevalence of FFT, in which social engineering techniques are used to trick employees or vendors into transferring funds to the wrong accounts, highlights the growing effectiveness of BEC scams. The report found that FFT represented 70% of all BEC-related claims, and BEC made up 45% of claims in H1 2022.
"Attack vectors like business email compromise (BEC) and FFT could deliver death by a thousand cuts”
In Q3 2022, FFT accounted for 36% of all claims, an all-time high. And the percentage of FFT claims did not dip below 25% over the previous six quarters. While there were fewer ransomware claims in H1 2022 compared to H2 2021, Corvus observed a 25% increase in data exfiltration over these periods. Now occurring on nearly 50% of ransomware claims, “the rate of data exfiltration shows that attackers are attempting to generate additional points of leverage to increase the likelihood of a ransom payment,” said the report. Rebholz noted: “As organizations improve their resilience against ransomware attacks, threat actors continue to find ways to increase the pain factor to force ransom payments.” The study also observed a 66% increase in claims for third-party breaches in 2022, including a 20% rise in the share of third-party ransomware attacks. “It’s vital that the cybersecurity and insurance industries stay connected to remain agile in the changing threat landscape,” Rebholz commented. “Rising instances of data exfiltration show that cyber-criminals will respond quickly to thwart security professionals, and identify creative ways to increase leverage in ransom negotiations. Insurers have visibility into these changes, enabling us to take an informed, proactive approach with our brokers, policyholders and partners.” He added that insurers “are focused on bringing a data-driven understanding to the technical and financial impacts of cyber-attacks and mandating effective controls.” In November 2022, a Delinea study found that just 30% of cyber-insurance holders are covered for critical risks including ransomware, ransom negotiations and payments.