Three trends set to drive cyber-attacks in 2024
Ransomware attacks saw a sharp increase once again over the past year.
In 2023, the cyber threat landscape witnessed a concerning resurgence in ransomware and extortion activities, marking a shift from the previously stable loss trends. Hackers, adept at exploiting vulnerabilities in both IT and physical supply chains, intensified their attacks on businesses, irrespective of their size.This alarming trend underscores the paramount importance of cyber risk management, with our clients consistently ranking it as their top concern in the annual Allianz Risk Barometer survey.
Ransomware claims surged by over 50% compared to the previous year, propelled in part by the accessibility of Ransomware-as-a-Service (RaaS) kits, available for as little as US$40. These kits have facilitated a rapid increase in attack frequency, with cybercriminals executing assaults in as little as four days, down from an average of 60 days in 2019. Moreover, most ransomware incidents now involve data theft, amplifying the complexity and cost of such attacks while posing significant reputational risks.
As a global insurer, our analysis of large cyber losses (€1mn+) revealed a concerning trend: the proportion of cases involving data exfiltration nearly doubled from 40% in 2019 to almost 80% in 2022, with 2023 showing even higher activity.
Combatting these evolving threats presents formidable challenges. Cybercriminals are increasingly harnessing artificial intelligence (AI) to automate and enhance their attacks, enabling the creation of more sophisticated malware and phishing techniques. Moreover, the proliferation of connected mobile devices and the advent of 5G technology have expanded the attack surface, providing cybercriminals with new avenues for exploitation.
Emerging threats
At Allianz, our global team of risk engineers monitors these emerging threats closely, assisting companies in mitigating their cyber risk exposure. Some key threats currently on our radar include:
The Power of AI in Cyber Attacks: Threat actors leverage AI-powered tools to orchestrate attacks more efficiently. AI-generated content, including voice simulations and deepfake videos, is increasingly being used to deceive targets and facilitate fraud.
Vulnerabilities of Mobile Devices: The blending of personal and corporate data on mobile devices presents an attractive target for cybercriminals. The lax security measures and increased remote access during the pandemic have heightened the risk of cyberattacks targeting mobile devices, with criminals exploiting vulnerabilities via malware and phishing attacks.
Cyber Security Skills Shortage: The global shortage of cybersecurity professionals is exacerbating the challenge of defending against cyber threats. Without adequate expertise, organizations struggle to predict, prevent, and respond to cyber incidents effectively.
In light of these challenges, early detection and response capabilities are paramount. While prevention remains crucial, detection tools and response strategies are increasingly becoming focal points for cybersecurity investments. Early detection can significantly mitigate the impact of cyberattacks, averting potential losses that could escalate rapidly if left undetected.
As the cyber threat landscape continues to evolve, proactive measures and collaborative efforts among stakeholders will be essential to safeguarding against emerging risks and ensuring the resilience of organizations in the face of cyber threats. Through vigilant monitoring and strategic investments in detection and response capabilities, we can mitigate the impact of cyberattacks and sustain a robust cyber insurance market for the future.
* Scott Sayce is the Global Head of Cyber Insurance at Allianz Commercial.
**Opinion pieces and letters by the public do not necessarily reflect the opinion of the editorial team. The editors reserve the right to abridge original texts. All newspapers of Namibia Media Holdings adhere to the Code of Ethics for Namibian Media, a code established jointly with the Media Ombudsman.