Threats to Cybersecurity Continue to be Significant and Complex
After the spike of ransomware attacks in 2019, 2020 and 2021, the insurance industry observed that cyberattacks began to decrease in 2022, possibly as a result of threat actors being more focused on the conflict in Europe.1 However, during the first half of 2023, the number of cyberattacks now appears to be on the rise again. Accordingly, it is imperative that companies continue to reinforce their efforts at practicing proper cyber hygiene in 2024. Overall, threats to cybersecurity continue to be significant and complex.
While ransomware continues to be the costliest type of cyberattack, criminals’ tactics continue to evolve, and new attack vectors will almost certainly emerge in 2024. Businesses are increasingly falling victim to business email compromise and data breaches coupled with extortion attempts, as well as ransomware with double extortions (encrypting a victim’s data while also threatening to publicly disclose confidential information).
Focusing specifically on business email compromises (BECs), according to the FBI’s
Internet Crime Report, they are one of the most prevalent online crimes. In most instances of BEC, as well as other cyberattacks, phishing plays a role in perpetrating fraud and ransomware delivery. To protect themselves, businesses should be cyber risk aware. Training employees and implementing email security protocols can help prevent these types of attacks and help reduce losses.
It is expected the sheer number of mundane, commonplace cyberattacks will continue to remain high in 2024. Threat actors see great opportunity to score quick paydays by targeting mid-sized businesses rather than large corporations because it can be lower hanging fruit. If a criminal can get someone to wire $50,000, that’s going to be a much easier way to get paid, than to execute a massive ransomware attack and attract the attention of law enforcement. Typically, cybercriminals want the path of least resistance, which is smaller and lower risk.
A future concern is that, while new safeguards have become commonplace (i.e., MFA and frequent segmented back-ups), businesses may become complacent with their cyber security. Threat actors are constantly evolving and looking for ways to successfully extort money or steal data from an innocent company, so it is imperative that businesses remain vigilant. Technology is always changing, and while cyber insurance carriers may not know when and where the next attack will take place, they can help businesses plan, prepare, and prevent.
1 “Ransomware attacks decreased 61% in 2022,” Security, January 2023
The information provided in these materials is intended to be general and advisory in nature. It shall not be considered legal advice. The Hartford does not warrant that the implementation of any view or recommendation contained herein will: (i) result in the elimination of any unsafe conditions at your business locations or with respect to your business operations; or (ii) be an appropriate legal or business practice.
The Hartford assumes no responsibility for the control or correction of hazards or legal compliance with respect to your business practices, and the views and recommendations contained herein shall not constitute our undertaking, on your behalf or for the benefit of others, to determine or warrant that your business premises, locations or operations are safe or healthful, or are in compliance with any law, rule or regulation.
Readers seeking to resolve specific safety, legal or business issues or concerns related to the information provided in these materials should consult their safety consultant, attorney or business advisors. All information and representations contained herein are as of December 2023.