Cyber Services Snapshot: 2023 Predictions

Welcome to our latest Cyber Services Snapshot, an initiative developed to provide regular data and actionable insights around timely cyber themes.

cyber-img

With a full year of 2022 cyber services claims data now available and 2023 newly underway, this is a good moment to pause and reflect on the state of cybersecurity.

At first glance, things hardly seem particularly new as we enter 2023: threat actors are still using the same kinds of ransomware vectors to attack, and we’re still talking about the same need for education and controls. From the frequency of remote desktop protocol as a vector to the prevalence of data exfiltration in incidents, our latest data is very much aligned with the trends that captured our attention in 2022 Cyber Services Snapshots One and Two.

But look beneath the surface, and it quickly becomes evident that targeted companies are facing greater incident complexity than ever before. On the one hand, class actions in the US are giving cyber extortion incidents a longer tail. At the same time, as threat actors continue to grow more sophisticated, they are finding ways to use even administrative tools like MFA against targets. 

From tactics to consequences, cybersecurity will see a subtle but important evolution in 2023, and organisations must be prepared. As bad actors continue to identify and exploit vulnerabilities, the tools you’ve come to count on are not sufficient by default anymore, nor are the same instructions you’ve been giving your team for years. In the event of a breach, your organisation’s vulnerabilities are greater than ever, and the costs could be higher. Read on to learn what you need to know about protecting yourself today against yesterday’s risks in tomorrow’s cyber world.

Russ Cohen


Russ Cohen
Head of Cyber Services
Philadelphia, PA

 

Quarterly data snapshot

Our 2022 cyber data gives us the opportunity to draw some high-level conclusions about current cybersecurity trends and to make some initial predictions about the threat landscape in 2023.

data trends

"Cyber incidents are not contained to one region, they are global. There is no border control, so what happens in one region can have an impact in another region. "


Sandra Cole
International Cyber Claims
London, UK

Sandra Cole

Our 2023 cyber risk predictions: what you need to know

Quarterly data snapshot

The 2022 data is in, which gives us the opportunity to draw some high-level conclusions about current cybersecurity trends and to make some initial predictions about the direction they will take in 2023.

Longer tail incidents

In the US, greater incident complexity, including a rise in class actions and a shift in the way threat actors use stolen data, will give extortion incidents a longer tail.

Spotting fraudulent instruction

Organizations will be forced to get smarter about educating employees to spot fraudulent instruction tactics like spoofed emails or domain names.

Fine tuning default configuration

As threat actors bring new sophistication to their techniques and adapt to improved cybersecurity efforts, more and more companies will realize they can no longer count on the default configuration of off-the-shelf IT solutions and tools like PaaS or SaaS.

Areas of vulnerability

Watch for social engineering and spear phishing, bypassing MFA, targeting MSPs, and compromising cloud environments to emerge as areas of vulnerability.

The information set forth in this document is intended as general risk management information. It is made available with the understanding that Beazley does not render legal services or advice. It should not be construed or relied upon as legal advice and is not intended as a substitute for consultation with counsel. Beazley has not examined and/ or had access to any particular circumstances, needs, contracts and/or operations of any party having access to this document. There may be specific issues under applicable law,or related to the particular circumstances of your contracts or operations, for which you may wish the assistance of counsel. Although reasonable care has been taken in preparing the information set forth in this document, Beazley accepts no responsibility for any errors it may contain or for any losses allegedly attributable to this information.