The latest numbers are in, and we are once again seeing that phishing is down in our ransomware claims data. This trend continues to reflect the success of our underwriting controls’ process in bringing down the overall number of policyholder claims in this area. Read on to learn more about what our Q3 data is telling us.
With 2023 drawing to a close, fraudulent instruction claims are on track to be down for the year overall. If current trends continue, we can expect to see this cause of loss down 14% year over year, driven largely by incident reduction in the retail, manufacturing, and non-profit industries.
In contrast, business email compromise is likely to be up 17% year over year. While professional services experienced the highest number of these incidents overall, the overall number of incidents is in line with last year’s claims statistics. Incidents for manufacturing and non-profits are running more than 50% ahead of last year, and healthcare also increasing at more than 25%.
Q3 data reflects a continued downward trend in incidents involving data exfiltration, but what’s not reflected here is the significant number of MOVEit incidents where policyholders were unlikely to engage a ransom negotiator. In our view, there is not a significant decline in data exfiltration overall, but rather, a trend in how organisations are handling it.
Increased volatility can be seen in the sources of ransomware attacks our policyholders experienced in Q3. While phishing numbers are lower, Remote Desktop Protocol (RDP) is up and software vulnerability incidents are relatively steady. These factors underline the need for a continued, robust defense-in-depth approach to cyber security to keeping attackers out but also preventing them from moving around and doing damage if they get in.
Data presented in this cyber services snapshot is derived from global incidents reported to Beazley between Q1 2021 and Q3 2023.
The information set forth in this document is intended as general risk management information. It is made available with the understanding that Beazley does not render legal services or advice. It should not be construed or relied upon as legal advice and is not intended as a substitute for consultation with counsel. Beazley has not examined and/ or had access to any particular circumstances, needs, contracts and/or operations of any party having access to this document. There may be specific issues under applicable law, or related to the particular circumstances of your contracts or operations, for which you may wish the assistance of counsel. Although reasonable care has been taken in preparing the information set forth in this document, Beazley accepts no responsibility for any errors it may contain or for any losses allegedly attributable to this information.