Quarterly data snapshot.
With three quarters’ worth of data now available for 2022, we can see a decline in system infiltration as a cause of loss from 2021 to 2022 for all industries except healthcare. Though there are many factors that drive the ebb and flow of incidents, we’d like to think that greater recognition and efforts towards cybersecurity by policyholders has played a role in this shift – and we encourage continued diligence in this area.
It's worth noting here that deficient asset management practices can certainly expose an organization to a system infiltration. Read on to learn more about how your organization can protect itself through good asset management.
Despite an overall decline in incidents, fraudulent instruction is on the rise. Professional service firms experienced more fraudulent instruction and almost as many business email compromise incidents so far in 2022 as in the whole of 2021.
Ransomware vectors are volatile as always, with phishing holding steady in the last two quarters. The rise in unknown vectors can be attributed to several sources. Organizations may rush to rebuild in an effort to either restore systems or to contain the attack, but that can destroy valuable sources of data that would help determine how the intrusion occurred and what the threat actor did. Poor log configuration or retention practices may also play a part. Finally, threat actors are increasingly using anti-forensics techniques to obscure their activities – an important reminder that a defense-in-depth approach is more essential than ever for organizations to prevent malicious activity after an intrusion and to remain resilient.
We continue to see the rise in business email compromise risk for professional services that we noted after Q1, with healthcare and FI continuing to be targets. Mitigation is a matter of not only technology (e.g., better identity and access management and email security) but also people (training) and process (out-of-band verification, etc.).
After a drop in Q1, data exfiltration as part of a cyber extortion incident has increased steadily each quarter to reach a new high in Q3. See our last Cyber Services Snapshot for a wealth of information about the increasing complexities of extortion.