Extortion and ransomware among fastest-growing cyber losses
While headlines are dominated by major data breaches and, more recently, by audacious Distributed Denial of Service (DDoS) attacks, it is encryption ransomware and cyber extortion that is one of the fastest growing cybercrimes, reports AIG Europe.
The insurer, part of global group American International Group, has released details of European cyber claims received between 2013 and September 2016 – highlighting both most frequent and developing trends in the sector.
Ransomware and cyber extortion accounted for 16% of the cyber claims received by AIG in Europe, the Middle East and Africa (EMEA) during the period, with a further 4% of claims relating to other cyber extortions. There has, in particular been a proliferation of cyber extortion attacks in 2016.
“This year we have had a lot of notifications from businesses that were victims of ransomware type attacks, and nearly all of them had extortion elements to them as well,” said Noona Barlow, head of liabilities and financial lines claims, Europe.
“We are seeing cyber extortion and ransomware as one of the fastest growing areas of claims. In cases of cyber extortion, claims severity depends on the type of organisation, the level of business interruption caused and need for forensic investigation and system restoration.
“While ransom demands typically remain small, this form of extortion is a lucrative and relatively straightforward way of accessing ‘fast cash’ for cyber criminals and we can only see it growing in the future.”
Unsurprisingly, the majority of cyber claims currently emanate from industries that are required to notify customers if sensitive data has been compromised, with financial services accounting nearly a quarter (23%) of all AIG’s EMEA cyber claims received during the past three years, followed by communications, media and technology (18%), a category that includes telecommunications.
Extortion and ransomware however tend to be found across a wide range of industries – often without any obvious online or IT angle – and are as likely in smaller businesses as large, AIG Europe reports.
For example, an online gardening business that discovered ransomware was encrypting their files. While the small business did not have a significant amount of sensitive data that could have been compromised, they were unable to contact customers and access invoices.