Beazley projects ransomware attacks to quadruple in 2016
Beazley, a leading provider of data breach response insurance, today released its Beazley Breach Insights – October 2016 findings based on its response to client data breaches in the first nine months of 2016. The specialized Beazley Breach Response (BBR) Services unit found that, on current trends, ransomware attacks in 2016 will be four times higher than last year.
The ransoms sought from target companies remain low, often in the region of $1000. But they are not the only costs incurred by companies that suffer attacks. An extensive review of company systems and data is normally required to ensure that the malware has been removed and data is clean.
During the first nine months of 2016, Beazley’s BBR Services division managed 1,437 data breaches on behalf of clients, compared to 931 breaches during the same period last year. Analysis of these breaches revealed:
- Ransomware attacks are soaring. Beazley’s clients were the targets of more attacks in July and August of 2016 (52) than in all of 2015 (43). Beazley projects it will respond to four times as many ransomware attacks in 2016 as it did last year.
- Hacks are persistent. The proportion of data breaches deriving from hacking and malware attacks in the first nine months of this year across all industries in Beazley’s portfolio stood at 31%, in line with the percentage of such incidents observed in 2015 (32%).
- Hackers are focusing more attention on financial institutions. Financial institutions are facing a higher proportion of breaches involving hacking and malware. In the first nine months of 2016, hacking and malware breaches accounted for 39% of the data breaches suffered by financial institutions, up from 26% for the comparable period in 2015.
- Hacking is also a growing menace for higher education. Nearly half of 2016 data breaches at higher education institutions (46%) were caused by hacking or malware, up from 38% of industry breaches in the first nine months of 2015.
- For healthcare providers, human error presents a larger risk. Within healthcare organizations, breaches caused by unintended disclosure represented 40% of all industry incidents in 2016 to date, a sharp rise from 28% in the first three quarters of 2015. This is connected to the large amount of information shared between organizations in this industry. Hacking or malware caused 19% of healthcare breaches in 2016, down from 28% in 2015.
- More than half of the breaches suffered by retailers derive from hacking and malware. The rate of hacking and malware in the retail industry remained high, accounting for 53% of all retail data breaches handled by BBR Services in the first nine months of 2016, compared to 51% in 2015.
Katherine Keefe, global head of BBR Services, said: “From what we are seeing, it appears that many hackers are finding it easier to make money by holding companies to ransom for bitcoin than through selling personal data on the dark web. But, the persistently high levels of hacking and malware attacks of all kinds are a reminder that organizations across industries, and of all sizes, need actionable plans ready to implement when a breach occurs.”