’The malware started to drop away, so it’s just cyber extortion,’ says chief executive

Businesses have been warned that ransomware is changing “quite dramatically” and that more firms are being hit by such attacks.

CFC chief executive Graeme Newman said there had been a ”massive uptick” of cases in Q3 2023, while the frequency of cases the cyber specialist had seen over the last 18 months was “pretty alarming”.

This came after insurance broker Howden said it had seen a rise of sophisticated cyber claims, such as ransomware and phishing.

According to the broker’s Coming of Age report, which was published earlier this year (10 July 2023), ransomware attacks surged by nearly 50% in the first half of 2023 compared to the same period in 2022.

Newman noted that incidents were changing from “high volume and high attack” to double extortion.

For example, he noted that previous incidents of ransomware would see the victim click on a link that would deploy malware automatically across the network.

The attacker would then demand a ransom in exchange for the decryption key.

However, according to Newman, more attackers were now deleting backup data when they get into a system, allowing cyber criminals to demand more ransom from victims.

In turn, Newman felt victims were being hit with a “double whammy”.

“The nature of that crime changed and this concept of ransomware – the malware started to drop away, so it’s just cyber extortion,” he said during his keynote at the CFC Cyber Forum last week (12 October 2023).

Data

This came after the government revealed in its 2023 cyber security breaches survey that cyber attacks were costing businesses an average of £15,300 in losses.

Published earlier this year (13 April 2023), the report also highlighted that across all UK businesses, there were approximately 2.39m instances of cyber crime and as a result, around 49,000 instances of fraud in the last 12 months.

And Lloyd’s of London revealed earlier this week (18 October 2023) that cyber insurance represented a “small proportion” of potential economic losses should major financial services payments systems get hit by a major attack.

However, Newman felt the insurance sector can make a difference to cyber risk by applying a “cold analytical approach to the data”.

“Ultimately, we can use that data to direct the security spend of our clients and help them to prioritise security investment in a way that’s never been done before,” he said.

“Together we can put an end to the lies, the damned lies, and make sure we deliver much better cyber statistics.”