With three full years of cyber claims data now available for side-by-side comparison, we can clearly see evidence of the myriad ways that security trends have evolved over time.
As anticipated, fraudulent instruction incidents were down 15% for the year, a shade more than predicted at end of Q3 . Retail, manufacturing, non-profit and government show significant improvement in managing fraudulent instruction risks, with declines of 38%, 35%, 23% and 20% year over year, respectively.
In contrast, business email compromise (BEC) was up 18% year over year across industries, returning to levels seen in 2020 and 2021. While professional services continued to experience the highest number of BEC incidents, the BEC incident count was only 5% higher than last year. Compared to levels seen in 2020 and 2021, retail and business services show consistent improvement in lowering BEC rates, while most other industries have experienced fairly consistent rates.
Incidents involving data exfiltration are again trending upward, with data exfiltration involved in 90% of incidents in Q4. Despite indications to the contrary earlier in the year, there was no significant decline in overall data exfiltration in 2023.
Increased volatility is the name of the game when it comes to ransomware attacks. Phishing continues to decline among our policyholders, while incidents involving Remote Desktop Protocol (RDP) are on the rise, and those related to software vulnerabilities remain relatively steady. As always, these factors underscore the need for a continued, robust defense-in-depth approach to cyber security, not only to keep attackers out but also to prevent them from moving around and doing damage if they get in.
Data presented in this Cyber Services Snapshot is derived from global incidents reported to Beazley between 2021 and 2023.