Risk managers are most likely to face cyber hacks and malware attacks, according to a new report by insurer Beazley. The attacks accounted for 36% of the 2,600 data incidents faced by Beazley’s clients in 2017 – that’s up from 32% last year. Accidental disclosures came in second at 28%, followed by insider breaches and social engineering at 10%.
There are new methods in the cyber madness. 2017 saw the cyber risk landscape rapidly change as attacks became more sophisticated and hackers found ever more clever ways to exploit cyber vulnerabilities. This year, advances in phishing, cyber extortion, and social engineering had risk managers running to the war room. “Criminals are intent on stealing data or extorting cash, and their methods are becoming more sophisticated by the day. Wherever weaknesses exist – in systems, processes or simple human fallibility – every organization, regardless of sector and size, is vulnerable,” said Katherine Keefe, global head of BBR Services.
[Chart: Hack and malware attacks are still the biggest threats (2017 incidents by cause)]
Key recent cyber attack trends to keep an eye on:
Phishing attacks took a new form this year, as cyber criminals stole paychecks from employees by hacking into their direct-deposit information stored in self-portals and redirecting the money. This kind of attack hit the higher education sector particularly hard, with over half of incidents happening on campuses. Beazley warns that listing faculty and staff emails publicly heightens universities’ vulnerability to the attack. Healthcare, too, was a big victim of payroll-diversion phishing attacks, accounting for 30% of incidents.
[Chart: Universities biggest victims of payroll diversion phishing attacks (2017 incidents by industry)]
Ransomware emerged as a major cyber attack weapon in 2016, and in 2017 we witnessed the full effect of its devastating potential through the major worldwide WannaCry and NotPetya attacks. The WannaCry attack in May 2017 alone struck 200,000 computers across more than 150 countries, leading to billions in losses to organisations globally. Ransomware attacks rose in frequency by 18% in 2017 across all industries, but healthcare suffered the most in this arena, with 45% of attacks targeting organisations in the sector.
[Chart: Ransomware is rising (number of attacks notified to Beazley)]
Hackers are the new tricksters. Beazley reports a sharp rise in events where cyber criminals use sophisticated social-engineering schemes to convince employees to do things like make fraudulent wire transfers. Using either stolen credentials or impersonation to communicate with employees and develop trusted relationships with them, hackers instruct individuals within the organisations to send funds in the wrong direction. Social engineering schemes were reported evenly across most industries, but professional services and the financial sectors each accounted for about 20% of attacks.
[Chart: Fraudulent wire instruction events hit professional services, financial industries evenly (2017 incidents by industry)]