Written by Nehemiah Balaolo
The frequency of cyber claims in the United States increased by 13% last year, according to a new report.
According to the 2024 Cyber Claims Report published by digital risk-focused insurer Coalition, cybercrime is a “thriving business with negative impacts” on the economy. In 2023, the FBI received more than 880,000 complaints, with losses totaling $12.5 billion.
Although overall complaint severity declined in the second half of the year, it was unable to offset the spike in the first half due to an increase in ransomware claims.
Frequency/Severity
Last year, claim frequency remained below the all-time high of 2021, but in 2023, overall claim frequency increased by 13% year-over-year. Overall claim severity increased by 10% year over year, with losses averaging $100,000. According to the report, ransomware claims spiked in the first half of this year.
More than half (52%) of all reported cyber issues were handled at no out-of-pocket cost to policyholders.
Coalition principals Rob Jones, Claims Manager, Sherry Marr, Incident Response Manager, and Mike Volk, Senior Product Marketing Manager, will host a webinar following the release of the report to discuss trends and cyber claims. I analyzed the claim.
“After a shaky start, the severity stabilized in the second half of the year,” Jones said. “After average losses soared to more than $236,000 in the first half of 2023, companies with revenues of $100 million or more saw losses cut in half, but still up 21% year over year.”
Companies of all revenue levels saw an increase in billing frequency. Companies with revenue between $25 million and $100 million saw a 32% increase. Companies with revenue over $100 million saw a 14% increase in frequency, and companies with revenue under $25 million saw an 8% increase, according to the report.
According to the report, ransomware accounts for 19% of reported claims, historically the highest cause of claim severity. “The ransomware variants that caused the losses have changed,” the Coalition said in its report. “LockBit ransomware has two variants that emerged late this year.
Among Coalition policyholders, LockBit 3.0 accounted for 12.9% of all ransomware claims, while LockBit 2.0 accounted for 2.09% of claims. Notably, the LockBit ransomware gang was briefly taken offline by law enforcement in early 2024, but reemerged three days later.
According to the coalition, the frequency of funds transfer fraud (FTF) has increased by 2%, and the initial value of FTF losses has increased by 24% year-on-year, with the average loss exceeding $278,000.
Claim frequency for “other events” (error, legal, privacy, media, third party infringement, etc.) increased by 21% year over year, “other events” severity increased by 28%, and average loss amount increased by 21% year over year. increased by 28%. More than $53,000, according to the report.
Business email compromise (BEC) claims are down 8%, but cybersecurity trends show threat actors are using generative artificial intelligence (AI) tools to launch more sophisticated attacks .
“Phishing emails are becoming more reliable and difficult to detect, and attackers are leveraging AI to parse information faster, communicate more efficiently, and generate campaigns that target specific companies. All of these may be contributing to the increase in FTF claims,” the report said.
proactive steps
The report highlights the benefits and best practices of proactive measures. For example, businesses that use perimeter devices to protect their networks can respond quickly if their perimeter devices are compromised if their best practices include updating firmware and monitoring all endpoints. Masu.
These technologies are essential to business operations. However, these devices are also often prime targets for threat actors.
“While these tools are considered essential to managing cyber threats, our research also shows that certain perimeter devices with known vulnerabilities may actually increase the likelihood of cyber litigation. “We also found some worrying trends,” Ma said. “The findings in our claims report were eye-opening, especially regarding the increased risk faced by organizations using perimeter devices such as firewalls and VPNs.”
This report examines the relative claim frequency of Coalition policyholders using Cisco Adaptive Security Appliance (ASA) devices that enable remote access and protect networks with firewall, antivirus, intrusion prevention, and VPN features. showed a sharp increase in 2023.
Businesses with Cisco ASA devices exposed to the internet are nearly five times more likely to receive a claim in 2023, compared to approximately 2.5 times more likely to receive a claim in the past two years.
“Several critical vulnerabilities impacting Cisco ASA devices were discovered in 2023 and may be contributing to their relative frequency increase,” the Coalition said in its report.
“Security researchers discovered that the ransomware group Akira has been actively exploiting vulnerabilities in Cisco ASA since 2020, posing a significant risk to enterprises that continues into 2024. .”
Fortinet's various perimeter devices are often exploited by threat actors due to the high level of privileged access that can be gained by compromising them. According to the report, companies using Fortinet devices that are exposed to the internet are twice as likely to receive claims in 2023.
“Policyholders who use Internet-exposed Remote Desktop Protocol (RDP) are 2.5 times more likely to have a claim in 2023,” Ma said.
Varaolo, a student at California State University, Long Beach, is interning at Wells Media Group.
topic
US fraudulent claims trends
