Businesses hit by ransomware and other forms of attack are filing claims at a frantic pace, according to the 2020 Cyber Insurance Claims Report, a study by insurance provider Coalition. And
email is the main vehicle for malicious messaging.
The leading types of attack are:
- Ransomware — 41%
- Funds Transfer Loss — 27%
- Business
Email Compromise (BEC) — 19%
These forms of attack accounted for 87% of reported incidents and 84% in the first half of 2020.
In addition, BEC attacks have
increased in frequency by 67%.
The BEC claims by industry are:
- Financial services — 32%
- Professional services — 23%
- Consumer discretionary
— 13%
- Healthcare —10%
- Real estate — 10%
The leading attack techniques are:
- Email phishing — 54%
- Remote access
— 29%
- Other social engineering — 6%
- Third-party compromise —3%
- Brute force (authentication) — 3%
- Other — 3%
Firms that utilize Microsoft Office 365 are 3.2 times more likely to be hit with a BEC attack than Google Gmail users, the study says.
Since the pandemic started, Coalition has seen a
35% in funds transfer fraud and social engineering claims, with losses ranging from the low thousands to $1 million per event.
Moreover, ransomware attacks have increased in severity by
47% on top of a 100% increase from 2019 to first-quarter 2020.
The industries most hit by ransomware are:
- Consumer discretionary — 28%
- Professional services
— 16%
- Healthcare — 12%
- Financial services — 9%
- Information technology — 8%
Larger companies — those with revenues of $100
million to $250 million — were five times more likely to get hit.
However, even smaller firms — those with revenues under $10 million — were likely to suffer six-figure
losses.
“We’re in a heightened state of cyber vulnerability: human errors are more likely to be made remotely, new technology is being deployed on a daily basis to support
remote work setups, and cybercriminals are taking advantage,” states Joshua Motta, CEO and co-founder of Coalition.