Cyber liability insurers are in a good position to provide insight into the types of cyber incidents that are hitting the industry. Coalition, a provider of cyber insurance globally, which “serves over 25,000 small and midsize organizations across every sector of the US and Canada,” issued its Cyber Claims Report this week about the claims trends it is experiencing and an analysis of cyber risk based upon those claims.

After analyzing thousands of reported incidents, Coalition found that “the majority of losses” fell under breach response coverage, cyber extortion costs coverage, and funds transfer fraud coverage. According to the report, “[T]hese three loss types accounted for 87 percent of reported incidents and 84 percent of claims payouts.”

It further confirmed what we are seeing in the industry—that “the types of attack techniques criminal actors used to target our policyholders are also highly concentrated. Phishing, remote access, and social engineering attacks accounted for 89 percent of all known attack techniques.”

If this doesn’t tell you where to put your resources in prevention and resiliency, I don’t know what does. According to the report, 54 percent of all claims came from email/phishing schemes, 29 percent were the result of remote access, 6 percent were attributable to “other social engineering,” and 3 percent each (9 percent total) were attributable to third-party compromise, brute force authentication attacks and “other.”

The report notes that ransomware is becoming increasingly sophisticated, which we have repeatedly reported from our experience, and that it has increased 47 percent in severity from Q1 to Q2 in 2020. This means that the ransomware criminals are increasing their ransom demands and “the complexity and cost of remediation is growing. The average ransom demand amongst our policyholders increased 100 percent from 2019 through Q1 2020, and increased another 47 percent from Q1 to Q2 in 2020.”

The report and the reality that we are seeing are grim. Ransomware strains such as Maze, Ryuk, Sodinokibi and DoppelPaymer are taking ransomware attacks to a new level: they exfiltrate data before requesting the ransom, show proof of life that they have the data in their possession, and then threaten to publish the data unless a ransom is paid for a certificate of destruction. According to Coalition, the average ransom demand ranges from a high of $420,000 for Maze down to $73,920 for Sodinokibi.

The Coalition report paints a stark picture of a reality that must be confronted in order to put practices in place for incident response planning, prevention and resiliency.

Linn Foster Freedman

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She is a member of the Business Litigation Group and the Financial Services Cyber-Compliance Team, and chairs the firm’s Data Privacy and Security and Artificial Intelligence Teams. Linn focuses her practice on compliance with all state and federal privacy and security laws and regulations. She counsels a range of public and private clients from industries such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine and charitable organizations, on state and federal data privacy and security investigations, as well as emergency data breach response and mitigation. Linn is an Adjunct Professor of the Practice of Cybersecurity at Brown University and an Adjunct Professor of Law at Roger Williams University School of Law. Prior to joining the firm, Linn served as assistant attorney general and deputy chief of the Civil Division of the Attorney General’s Office for the State of Rhode Island. She earned her J.D. from Loyola University School of Law and her B.A., with honors, in American Studies from Newcomb College of Tulane University. She is admitted to practice law in Massachusetts and Rhode Island.