Quarterly data snapshot
The 2022 data is in, which gives us the opportunity to draw some high-level conclusions about current cybersecurity trends and to make some initial predictions about the direction they will take in 2023.
At first glance, things hardly seem particularly new as we enter 2023: threat actors are still using the same kinds of ransomware vectors to attack, and we’re still talking about the same need for education and controls. From the frequency of remote desktop protocol as a vector to the prevalence of data exfiltration in incidents, our latest data is very much aligned with the trends that captured our attention in 2022 Cyber Services Snapshots One and Two.
But look beneath the surface, and it quickly becomes evident that targeted companies are facing greater incident complexity than ever before. On the one hand, class actions for cyber extortion are ticking up in the US. At the same time, as threat actors continue to grow more sophisticated, they are finding ways to use even administrative tools like MFA against targets.
From tactics to consequences, cybersecurity will see a subtle but important evolution in 2023, and organisations must be prepared. As bad actors continue to identify and exploit vulnerabilities, the tools you’ve come to count on are not sufficient by default anymore, nor are the same instructions you’ve been giving your team for years. In the event of a breach, your organisation’s vulnerabilities are greater than ever, and the costs could be higher. Read on to learn what you need to know about protecting yourself today against yesterday’s risks in tomorrow’s cyber world.
Russ Cohen
Head of Cyber Services
Philadelphia, PA
Our 2022 cyber data gives us the opportunity to draw some high-level conclusions about current cybersecurity trends and to make some initial predictions about the threat landscape in 2023.
Sandra Cole
International Cyber Claims
London, UK
The 2022 data is in, which gives us the opportunity to draw some high-level conclusions about current cybersecurity trends and to make some initial predictions about the direction they will take in 2023.
In the US, greater incident complexity, including a rise in class actions and a shift in the way threat actors use stolen data.
Organizations will be forced to get smarter about educating employees to spot fraudulent instruction tactics like spoofed emails or domain names.
As threat actors bring new sophistication to their techniques and adapt to improved cybersecurity efforts, more and more companies will realize they can no longer count on the default configuration of off-the-shelf IT solutions and tools like PaaS or SaaS.
Watch for social engineering and spear phishing, bypassing MFA, targeting MSPs, and compromising cloud environments to emerge as areas of vulnerability.
The information set forth in this document is intended as general risk management information. It is made available with the understanding that Beazley does not render legal services or advice. It should not be construed or relied upon as legal advice and is not intended as a substitute for consultation with counsel. Beazley has not examined and/ or had access to any particular circumstances, needs, contracts and/or operations of any party having access to this document. There may be specific issues under applicable law,or related to the particular circumstances of your contracts or operations, for which you may wish the assistance of counsel. Although reasonable care has been taken in preparing the information set forth in this document, Beazley accepts no responsibility for any errors it may contain or for any losses allegedly attributable to this information.