
(AGENPARL) – Wed 25 October 2023 ALLIANZ COMMERCIAL
Cyber security
trends 2023
The latest threats and risk mitigation
best practice – before, during and
after a hack
CYBER SECURITY TRENDS | ALLIANZ COMMERCIAL
Contents
Introduction
Threat landscape: Resurgent ransomware targets data and supply chains
Future threats: AI, IoT and skills shortage to fuel future cyber-attacks
Claims: Stabilization trend threatened by mass attacks and data exfiltration
Mitigation: Early detection is key to combating emerging cyber threat
Introduction
Investments in cyber security are paying off but an evolving threat landscape
will require much greater focus on early detection and response capabilities.
Improvements in cyber security and business continuity
are helping to combat encryption-based ransomware
attacks, yet the cyber threat landscape is continually
evolving. 2023 has seen a worrying resurgence in
ransomware and extortion claims, resulting in an uptick in
costly incidents, demonstrating that although progress is
being made, the threat posed by ransomware shows little
sign of abating.
Reports note that the number of ransomware victims
surged by as much as 143% globally during the first
quarter of 2023 with January and February seeing the
highest number of hack and leak cases in three years.
Ransomware alone is projected to cost its victims
approximately US$265bn annually by 2031.
Hackers are increasingly targeting IT and physical supply
chains, launching mass cyber-attacks and finding new
ways to extort money from companies, large and small.
Most ransomware attacks now involve the theft of
personal or sensitive commercial data for the purpose
of extortion, adding further cost and complexity, as well
as the increased potential for reputational damage and
third-party liability. Allianz analysis of a number of large
insurance industry cyber losses shows that the proportion
of cases in which data is exfiltrated is increasing every
year – from 40% of cases in 2019 to around 77% of cases in
2022, with 2023 on course to surpass last year’s total.
Protecting an organization against intrusion remains a
cat and mouse game, in which the cyber criminals have
the advantage. Threat actors are now exploring ways to
use artificial intelligence (AI) to automate and accelerate
attacks, creating more effective AI-powered malware
and phishing. Combined with the explosion in connected
mobile devices and 5G-enabled Internet of Things, the
avenues for cyber-attacks look only likely to increase in the
coming years.
Preventing a cyber-attack is therefore becoming harder,
and the stakes higher. As a result, early detection and
response capabilities are becoming ever more important.
An intrusion can quickly escalate, and once data is
encrypted and / or stolen, the consequences and costs
snowball – costs can be as much as, or even more than,
1,000 times higher than if an incident is not detected and
contained early, Allianz analysis shows.
Ultimately, early detection and effective response
capabilities will be key to mitigating the impact of
cyber-attacks and ensuring a sustainable insurance market
going forward.
Threat landscape:
Resurgent ransomware
targets data and supply chains
Ransomware remains the top cyber threat and the single largest cause of cyber
insurance claims by some distance. Following a short hiatus in 2022, ransomware
attack frequency has picked up again in 2023 as threat actors use data exfiltration and
supply chain attacks to maximize their leverage.
In many ways, the last 12 months have been business as
usual for ransomware gangs. They continue to evolve their
tactics and business models in response to changes in
cyber security and as they find new ways to extort money
from businesses and public sector organizations.
According to research from cyber threat intelligence firm
Black Kite [1], ransomware attacks surged in early 2023, with
the number of victims in March nearly double that of last
April and 1.6 times higher than the peak month in 2022.
Akamai Technologies said the number of ransomware
victims surged by 143% globally in the first quarter of
2023 [2]. Meanwhile, January and February 2023 saw the
highest number of ransomware hack and leak cases in
the past three years, according to the NCC Group, which
also noted that ransomware activity was up almost 50%
year-on-year as of May 2023 [3]. In future, ransomware alone
is projected to cost its victims approximately US$265bn
annually by 2031, Cybersecurity Ventures predicts [4].
A surge in data exfiltration attacks from the likes of
LockBit and Clop in 2023 has seen the number of attacks
reach new levels, while according to cryptocurrency
firm Chainalysis, ransomware victims paid demands of
US$449.1mn [5] in the first six months of this year, already
close to last year’s total of US$500mn. At the current
rate, 2023 could end up as the second biggest year for
ransomware revenue after 2021.
Key developments
• Ransomware groups continue to adapt
their tactics and business models in
response to cyber security changes.
• Ransomware-as-a-Service (RaaS)
remains a key driver for the ongoing
frequency of attacks.
• Double and triple extortion attacks
are not new, but they are now
more prevalent, and potentially
more impactful and costly for
affected companies.
• Supply chain-enabled ransomware
attacks have now become an established
part of the ransomware playbook.
• Rise in mass ransomware attacks means
insurers will need to better understand
the interconnectivity and dependencies
that exist between companies and within
digital supply chains.
This year has witnessed several large mass ransomware
attacks as threat actors used exploits in software
and weaknesses in IT supply chains to target multiple
companies. At the same time, ransomware gangs continue
to fine tune their business models in order to carry out
more attacks, faster. According to research from IBM
X-Force [6], the average number of days taken to execute a
ransomware attack has fallen from 60+ days in 2019 to less
than four days in 2021.
In June, ransomware group Clop carried out a successful
mass cyber-attack that is thought to have impacted
thousands of companies, compromising the data of
millions of individuals and businesses. Clop exploited a
‘zero-day’ vulnerability in MOVEit file transfer software to
steal data from companies and public sector organizations,
threatening to publish the data if they failed to pay a
ransom demand.
The attack affected a number of large corporates,
including energy giant Shell, British Airways, broadcaster
the BBC, logistics firm DHL, insurer Genworth Financial, as
well as the US Department of Health and Human Services
and the US Department of Energy [7]. Genworth Financial
alone reported that the personal information of nearly 2.5
million to 2.7 million of its customers was breached [8]. Clop
is now the second-largest ransomware group by number
of victims.
“As companies have enhanced network security and
backup strategies, and as regulation dissuades companies
from paying ransom demands, the chances of a successful
encryption ransomware attack are becoming slimmer,
and threat actors are changing strategies,” explains Rishi
Baviskar, Global Head of Cyber Risk Consulting, Allianz
Commercial. “The recent MOVEit supply chain attack is a
good example of how gangs are increasingly resorting to
mass attacks and data exfiltration.”
RaaS groups responsible for majority
of incidents
Ransomware-as-a-Service (RaaS) remains a key driver for
the ongoing frequency of attacks. With access to RaaS
kits and services, criminals lacking the skill to develop their
own malware can launch ransomware attacks quickly and
affordably. With prices starting from US$40 per month,
RaaS kits enable cyber criminals to make millions from
extortion demands with little financial investment.
“This is not a problem that is going away,” says Michael
Daum, Global Head of Cyber Claims at Allianz
Commercial. “We often deal with the same attack groups.
They change – they disappear, reorganize and then
reappear under a different name – but the groups with the
best tactics make the most money, and then they start reselling their tools and expertise to others. They operate like
successful businesses.”
Ransomware attacks against large companies typically
originate from a relatively small number of groups. For
example, Allianz has handled several claims attributed to
the likes of Black Basta, Clop and LockBit. According to
the US Cybersecurity and Infrastructure Security Agency [9],
LockBit was the most deployed ransomware variant across
the world in 2022, with more than 1,700 attacks since
2020 in the US alone, and approximately US$91mn of
ransoms paid.
“Cyber criminals’ tactics continue to evolve,” says Daum.
“When we talk about ransomware, we are now really
speaking about attackers applying various techniques in
order to extort money. Where we used to see encryption,
we now see attackers steal data or carry out Distributed
Denial of Service (DDoS) attacks – with no encryption
applied or in combination with encryption – in order to
demand a ransom.”
Data exfiltration becomes the norm
Double and triple extortion – using a combination of
encryption, data exfiltration and Distributed Denial of
Service (DDoS) attacks to extort money – are not new,
but they are now more prevalent, and potentially more
impactful and costly for affected companies.
Allianz analysis of a number of larger insurance industry
cyber losses (>€1mn) between 2019 and the end of the first
half of 2023 shows that the proportion of cases in which
data is exfiltrated increases from year to year – from 40%
of cases in 2019 to around 77% of cases in 2022, with 2023
on course to surpass 2022’s total.
Once a threat actor has infiltrated a system, encrypting is
much more difficult than stealing data, explains Michael
Daum, Global Head of Cyber Claims, Allianz Commercial.
“Attackers will 100% try to exfiltrate data before they try to
encrypt. It’s faster and easier compared to fully encrypting
the victim’s environment. In almost every extortion-focused
intrusion, data will get exfiltrated.”
Several factors are combining to make data exfiltration
more attractive for threat actors. The scope and amount
of personal information being collected is increasing,
while privacy and data breach regulations are tightening
globally. At the same time, the trend towards outsourcing
and remote access leads to more interfaces for threat
actors to exploit.
With potentially costly financial and reputational
consequences, companies may feel under more pressure
to pay ransoms where data has been stolen. The same
Allianz analysis of a number of larger insurance industry
cyber losses (>€1mn) between 2019 and the end of the first
half of 2023 also shows that the proportion of companies
paying a ransom has also increased from year to year –
from as little as 10% in 2019 to 54% in 2022.
Meanwhile, companies are 2.5 times more likely to pay a
ransom in cases where data has been exfiltrated, on top
of the encryption, the analysis also shows (the share of
companies paying a ransom when data was exfiltrated is
56% compared with the share of companies paying ransom
without data exfiltration which is just 21%). However,
recent mass hacks have also seen many companies refuse
to pay.
Ransomware costs – double extortion changes the rules and multiplies the cost
[Graphic: potential costs from a ‘conventional’ ransomware attack (which encrypts the attacked company’s data without leaking it), labelled Single Extortion (encryption), and potential additional costs from a ransomware attack which becomes a data breach event (stealing and then publishing the data), labelled Double Extortion (encryption and exfiltration).]
Costs description:
• Extortion Payment: demanded by criminals.
• Notifications Costs: notifying customers, regulators and other required authorities of a data breach.
• Lost Income (Business Interruption): The longer the period of time in which system accessibility is limited, the greater the loss.
• Recovery Expenses: the cost of restoring data and ensuring full systems recovery.
• Forensics Expenses: expenses incurred to investigate the source of the security vulnerability.
• Monitoring Costs: monitoring services for identity theft/fraud that has to be supplied to individuals whose data is stolen.
• Regulatory Fines and Legal Expenses: due to third parties’ claims whose private data is stolen.
• Data Recovery and PR Repairment: Costs of a consultant, crisis management firm or law firm to limit effects of negative publicity.
Sources: Bitsight and Kovrr. Graphic: Allianz Commercial.
“However, paying a ransom for exfiltrated data does not
necessarily resolve the issue,” says Daum. “Especially in the
US, the company may still face third party litigation for the
breach of data. Once a company has paid a ransom for
data exfiltration, there is no guarantee it will not be used
for fraud or sold on the Dark Net anyway.”
Indeed, there are very few cases where a company may
believe that there is no other solution than paying the
ransom to be able to re-access their systems or data. Any
impacted company should always inform and cooperate
with the police or national investigation authorities.
In the past, companies holding personal data and credit
card information were targets of data breaches, but
increasingly industrial and manufacturing companies that
share ecosystems are falling victim to data exfiltration
attacks. Manufacturing was the most targeted sector for
ransomware cyber-attacks and the most extorted industry
in 2022, according to IBM Security’s 2023 X-Force Threat
Intelligence Index [10].
“With data exfiltration, you can attack a standard
manufacturing company with many different clients. If
you can get data on these clients as well, the criminals
can demand money from them also, and that is what we
have seen in some claims now,” says Jens Krickhahn,
a Regional Practice Leader, Cyber Insurance, at
Allianz Commercial.
Top industries targeted
The percentage of extortion cases by industry observed in incident response engagements in 2022.
[Chart: industries shown are Manufacturing; Professional, business, and consumer services; Energy; Finance and insurance; Retail and wholesale; Media and telecom; Education; Transportation.]
Numbers do not add up to 100% due to rounding.
Source: IBM Security’s 2023 X-Force Threat Intelligence Index
Threat actors target weak links in supply chains
Supply chain-enabled ransomware attacks are not new, but
they have now become an established part of the ransomware
playbook. Increasingly, threat actors are targeting companies in
the IT supply chain, as well as companies that hold sensitive data in
physical supply chains, in order to demand extortion payments from
multiple companies.
Supply chain attacks first hit the headlines in 2019, following
an intrusion at the system management company SolarWinds,
which marked the start of one of the largest software supply chain
attacks in history. In 2021, a similar attack involving IT management
company Kaseya exploited a zero-day vulnerability in the company’s
remote management software to carry out ransomware attacks that
are thought to have impacted some 1,500 businesses [11] and resulted
in a US$70mn ransom demand.
In June 2023 a North Korea hacking group [12] penetrated
software-as-a-service provider JumpCloud in order to target cryptocurrency
companies, according to media reports. Blockchain analytics firm
Chainalysis said last year that North Korean-linked groups stole an
estimated $1.7bn worth of digital cash across multiple hacks.
“By attacking an IT supplier with a lot of dependent clients, the
extortion power is even larger. You do not hit just one company, but
many companies at one time,” says Michael Daum, Global Head of
Cyber Claims at Allianz Commercial.
Supply chain cyber-attacks were typically associated with
sophisticated nation state hacker groups, but increasingly they are
being used by RaaS groups to launch mass ransomware attacks.
Much like the recent MOVEit extortion, ransomware gangs are now
alive to the opportunities to exploit the interconnectivity of digital
and physical supply chains and will target organizations with weak
cyber security in order to infiltrate other companies elsewhere in the
supply chain, circumventing more robust cyber security.
“You would expect that IT providers have sophisticated cyber
security, but that is not always the case, and we have seen a growing
number of incidents where there have been deficiencies. The large
attacker groups are sophisticated and very savvy and are attracted
to targets that hold interesting data or that give access to other
companies, which enable them to demand extortion payments or
launch future attacks,” says Daum.
Mass attacks raise accumulation concerns
2023 has seen several mass ransomware extortion attacks,
where RaaS groups exploit vulnerabilities in software
and the interconnectivity of digital supply chains to
exfiltrate data and demand ransoms from hundreds, if not
thousands of companies.
In addition to the recent MOVEit attack, in which the
Clop ransomware group used a zero-day vulnerability
in widely used file transfer software, RaaS groups have
launched other such attacks in 2023. Earlier this year
Clop also used a zero-day flaw in the GoAnywhere file
transfer software to steal data from over 130 companies [13].
In another separate attack, threat actors exploited a
known vulnerability in unpatched VMware ESXi servers,
compromising 3,800 servers worldwide [14].
Mass ransomware attacks are a potential “gamechanger”
for the insurance industry, as they trigger multiple claims
simultaneously, according to Jens Krickhahn, a Regional
Practice Leader, Cyber Insurance, at Allianz Commercial.
“This year we had our first event case, with 40 policies
triggered at the same time. From a claims management
side that creates a completely new scenario, as you are
in contact with multiple insureds at the same time, on the
same topic, with different service providers and vendors.
The once theoretical risk of an accumulation exposure is
now reality,” says Krickhahn.
“A similar successful attack against a larger IT vendor or
data center provider could have a global effect and a huge
impact on the insurance industry.
“Having that knowledge today, many insurers will no
doubt look at their exposure to different industries and
sectors more carefully, and will need to consider capacity
management, as well as coverage. Knowing that many
companies are reliant on a single vendor, an insurer may
need to consider solutions – such as aggregation clauses –
just to manage the exposure.”
Insurers will want to better understand the
interconnectivity and dependencies that exist
between companies and within digital supply chains,
adds Tresa Stephens, a Regional Head of Cyber at
Allianz Commercial.
“Modeling accumulation of cyber risk is challenging
because the interdependencies between insureds and their
vendors is so difficult to qualify and track. It’s almost like
we are underwriting many risks, not just the insured. We
are looking at all their vendors and suppliers and need to
understand the interdependencies in our portfolio.”
Future threats:
AI, IoT and skills shortage
to fuel future cyber-attacks
Artificial intelligence (AI) is widely expected to power future ransomware attacks,
with automated attack processes, more convincing phishing, and faster malware
development. However, it could also enhance cyber security, with more effective and
faster detection and threat intelligence.
Threat actors are already using AI-powered language
models like ChatGPT to write code. Generative AI can
help less technically proficient threat actors write their
own code or create new strains and variations of existing
ransomware, potentially increasing the number of attacks
they can execute.
“We can expect an increased utilization of AI by malicious
actors in the future, necessitating even stronger
cyber security measures,” says Rishi Baviskar, Global
Head of Cyber Risk Consulting, Allianz Commercial.
“AI can be used to carry out more automated attacks, as
well as develop new techniques to steal or poison data.
When you think about the potential to combine AI with
the proliferation of the Internet of Things (IoT) and the
speed of 5G, for example, we may have a serious issue on
the horizon.”
Voice simulation software has been a recent addition to
the cyber criminal’s arsenal. In 2019 the CEO of a British
energy provider transferred €220,000 to a scammer after
they received a call from what sounded like the head of
the unit’s parent company, asking them to wire money to a
supplier. The voice was generated using AI [15].
In August 2023, researchers at the Google-owned
cybersecurity company Mandiant documented the first
known instances of deepfake video technology designed
and sold for phishing scams. The going rate was as little as
US$20 per minute, US$250 for a full video or US$200 for a
training session, although the researchers were unable to
confirm that the services they identified on hacker forums
were legitimate or whether a deepfake had been used in
any scam.
Key developments
• AI-powered language models and voice
simulation software are recent additions to
the cyber criminal’s arsenal.
• Allianz Commercial has seen a growing
number of incidents caused by poor
cyber security around mobile devices.
• Technical skills crisis in cyber security is
also increasing the cost of responding to
an incident.
Companies will need to invest in AI-powered cyber security
to counter the growing threat posed by threat actors,
Michael Daum, Global Head of Cyber Claims at Allianz
Commercial, adds.
“AI will help threat actors, but it is also a powerful tool for
detection. We might see more AI-enabled cyber incidents
in the future, but investment in detection backed by AI
should catch more incidents early. If we can keep pace with
developments in AI, there is always the chance it might not
change the picture too much from today, neither in favor of
the company nor the attacker.”
Mobile devices expose personal and
corporate data
Lax security and the mixing of personal and corporate
data on mobile devices are making for an attractive target
for cyber criminals.
Allianz Commercial has seen a growing number of
incidents caused by poor cyber security around mobile
devices. During the pandemic many organizations enabled
new ways of accessing their corporate network via private
devices, without the need for multi-factor authentication
(MFA). This also resulted in a number of successful
cyber-attacks and large claims.
“Cyber criminals are now targeting mobile devices with
specific malware in order to gain remote access, steal
login credentials, or to deploy ransomware,” says Rishi
Baviskar, Global Head of Cyber Risk Consulting, Allianz
Commercial. “Increasingly we have corporate and
personal information on the same device, and threat actors
now see this as a potential vulnerability. Personal devices,
in particular, tend to have less stringent security measures.
Utilizing public wi-fi on these devices can increase their
vulnerability, including exposure to phishing attacks via
social media.”
The roll out of 5G technology is also an area of potential
concern. 5G will power more connected devices, including
more sophisticated applications, such as driverless or
assisted vehicles and smart cities. However, IoT devices
do not have a good track record when it comes to cyber
security, Baviskar continues.
“Many IoT devices are not inherently secure, while the
sheer number of these devices globally and the addition
of AI could result in a very serious cyber threat. Many
of these devices are easily discoverable and will not
have MFA mechanisms. Even today we see devices with
default passwords that are available on the internet,”
says Baviskar.
Cyber security skills shortage affects cost
and frequency
A growing shortage of cyber security professionals
will increasingly complicate cyber security efforts,
potentially increasing the chances of successful attacks
in the future.
The current global cyber security workforce gap
stands at 3.4 million people, according to the ISC2 [16],
a non-profit member organization for cyber security
professionals, with demand for cyber professionals
growing twice as fast as supply. Some 70% of
organizations say they do not have enough cyber
security staff to be effective. Gartner predicts that a lack
of talent or human failure will be responsible for over
half of significant cyber incidents by 2025 [17].
“There is a crisis in technical skills for cyber security,” says
Rishi Baviskar, Global Head of Cyber Risk Consulting,
Allianz Commercial. “Because technology is moving so
fast, there are not enough experienced people to keep
pace with the threats. It’s very hard to get good cyber
security engineers, which means companies are more
exposed to cyber events. Without skilled cyber security
people, it is harder to predict and prevent incidents,
which could mean more losses in the future.”
The shortage of cyber security experts also impacts the
cost of responding to a cyber incident. According to the
IBM Cost of a Data Breach Report 2023, organizations
with a high level of security skills shortage had a
US$5.36mn average data breach cost [18], around 20%
higher than the average cost.
“IT specialists are a scarce resource, and IT security
experts are even scarcer,” says Michael Daum, Global
Head of Cyber Claims, Allianz Commercial. “The
volume of attacks and incidents is increasing at a higher
rate than organizations can hire and train IT and cyber
security professionals. And when there is more supply
than demand, it leads to higher than inflation increases
in fees for incident response and forensics.”
Claims: Stabilization trend
threatened by mass attacks
and data exfiltration
Cyber claims frequency picked up again during the first half of 2023, although
improved cyber security over the past two years has helped control first party losses
and improve the overall quality of risk.
Following a significant spike in ransomware losses in
2020 and 2021, the frequency of cyber insurance claims
stabilized last year, reflecting improved cyber security
and risk management actions among insured companies
– such as the use of multifactor authentication or more
effective backup strategies which made encryption-based
ransomware less effective and reduced the business
interruption impact. At the same time, law enforcement
agencies targeting ransomware gangs and the
Ukraine-Russia conflict are thought to have curtailed the activities
of threat actors.
“Many companies addressed vulnerabilities and we
have seen a notable improvement in governance around
mergers and acquisitions (M&A), for example, which
historically generated a number of large claims where due
diligence failed to pick up issues with IT security or data
privacy. Now we see a lot more consideration at a high
level given to IT assets and cyber security during the M&A
process,” says Tresa Stephens, a Regional Head of Cyber
at Allianz Commercial.
However, ransomware groups have changed tactics,
with an increase in data exfiltration, and mass
cyber-attacks that have exploited weaknesses in IT supply
chains. The MOVEit mass cyber-attack, which affected
over a thousand companies earlier this year, for example,
contributed to the increase in the frequency of claims in
2023, affecting multiple policyholders simultaneously.
Key developments
• Ransomware and extortion-based
attacks remain the largest source of
cyber insurance claims by volume
and frequency.
• In addition to extortion claims, there has
also been an uptick in the number of
data privacy claims in the US, related to
biometric information.
• Allianz analysis of large cyber losses
shows that the number of cases in which
data is exfiltrated has significantly
increased, as has the number of incidents
becoming public.
• Allianz Commercial claims analysis
shows that breaches that are not
detected and contained early can be
1,000 times more expensive.
Number of cyber-related claims per year
[Chart: claims per year; surviving data labels are 1,131 and 1,086, with one bar marked “1H 2023 only”.]
Totals include all cyber-related claims per year. Numbers may change in future due to updated reporting.
Source: Allianz Commercial
“This year we have seen another uptick in claims frequency,
following the stabilization of claims frequency last year.
The attackers are now back, and focused again on
Western economies, with more powerful tools, enhanced
processes and attack mechanisms,” says Michael Daum,
Global Head of Cyber Claims at Allianz Commercial.
Ransomware and extortion-based attacks remain the
largest source of cyber insurance claims by volume and
frequency, accounting for more than 80% of claims from
standalone cyber policies alone.
“MOVEit is a zero-day exploit in a data transfer software
product that has hit thousands of companies and impacted
millions of individuals. In the US we have seen claims,
mostly from data exfiltration extortion,” says Marisa
Anthony, Senior Complex Claims Handler, Cyber, Allianz
Commercial. “Even when MOVEit calms down, we fully
expect it will be replaced by another attack. Frequency
is to be expected in cyber, which is why early detection
and response is key to controlling severity. As insurers
we need to better understand the interconnectivity and
dependencies that exist between companies and within
digital supply chains.”
Cause of loss by value of cyber claims
Based on the analysis of 3,366 claims worth €612mn (including the share of other insurers) between August 2019 and August 2023
[Chart: categories shown are External manipulation of systems; Accidental internal cause; Malicious internal action.]
Source: Allianz Commercial