Cyber trends: our observations on cyber security in 2018

The financial damages of cyber crime are projected to reach $6 trillion annually by 2021, which is more than double the same projections from 2015. The number of attacks themselves, occurring as a result of malware, hacking, employee deception, and human error, is also increasing year on year. This is because protecting against and dealing with the effects of cyber crime is becoming increasingly difficult as cyber incidents evolve in complexity and focus.

An Overview for 2018

The first quarter of 2018 saw several key trends emerge in our data. Of particular note was the rise of cyber crime involving healthcare organisations. Specifically, healthcare accounts for approximately 24% of all Chubb cyber claims across industry segments over the last 27 years. It is currently the largest generator of Chubb cyber-related claims. Over the last two years, the number of Chubb healthcare cyber-related incidents grew 13%. This is, in large part, related to the number of inadvertent disclosure and unauthorised access cases resulting from non-compliance with stringent regulatory requirements.

Between 2014 and 2018, professional services accounted for 20% of Chubb’s overall claim count by industry, whereas claims from financial institutions decreased over the same period from 20% to 13%. Other sectors too saw decreases, namely retail/hospitality from 11% to 8%, and entertainment/media from 10% to 8%.

The Rise of Phishing

Healthcare, like other industries, has been afflicted by a rise in the number of phishing attacks. In a phishing attack, an attacker sends emails to one or several employees within an organisation. The email appears to be from a credible source, for example another person in the organisation, and instructs an employee to carry out a task which may reveal sensitive information, such as login details. The attacker can then use this information to compromise a system and access sensitive financial data. Often, a significant amount of time can pass before anyone realises that any fraud or data breach has occurred, at which point re-securing operations can be costly and time-consuming.

Phishing attacks, which fall under the umbrella of social attacks (employee deception), have grown 8% in Chubb cyber claims since 2015. By comparison, hacking (brute force or distributed denial-of-service (DDoS) attacks) decreased by 13%, as did theft and tampering.

The Increased Sophistication of Ransomware

Ransomware is a type of malware that blocks a business's network and demands payment for a user to regain access. It's most commonly delivered through unsolicited spam emails and malicious advertisements. The sophistication of ransomware dissemination has also increased, and attackers will prey on missing security patches to access a network, attacking not only critical software but also network backups. This behaviour, exhibited by a ransomware known as SamSam, is particularly destructive. One of the main issues concerning ransomware is the downtime sustained as the result of an attack, and not, contrary to popular belief, the payment of a ransom, which tends to be an amount under £1000.

Since 2015, Chubb has seen a 34% increase in the frequency of reported ransomware attacks, with a ransom paid in 27% of reported cases. 28% of these instances occurred in the professional services sector, with the next largest sector, healthcare, accounting for 18% of claims.

