The inaugural Beazley Cyber Services Snapshot presents a deep dive into the growing issue of data exfiltration, exploring the myriad ways that extortion is evolving and becoming more intricate – and how organizations should respond to the associated risks. As explained in the report, threat actors are finding new ways to do business, resulting in double- and even triple-extortion, and as extortion techniques become increasingly complex, so do the risk exposures.
The report features data gathered between 2020 and Q1 of 2022, including cause of loss by industry, ransomware vectors, business email compromise, and data exfiltration. These key data points clearly illustrate a continued need for a multipronged approach to cyber security.
“Extortion incidents no longer just involves file encryption. We are seeing data exfiltration now prevalent in a significant majority of incidents reported to our cyber services team. Multiple threat actors are involved, and they are encrypting systems, stealing and selling data they’ve accessed, and also threatening to expose the fact that an organization’s data was stolen unless payment is provided,” said Raf Sanchez, Beazley’s Global Head of Cyber Services. “This is an increasingly complex landscape and it’s essential that organizations understand the threats and resulting vulnerabilities of these new threat vectors.”
With the quarterly Cyber Services Snapshot, Beazley aims to provide real-time insights into the state of cybersecurity, using incidents reported to Beazley as well as trend analysis from the cyber services team to reveal an ongoing picture of emerging cyber risk.
“This project was conceived as a rolling snapshot of cyber exposure and its impact on cybersecurity needs and recommendations. With threat actors continually evolving their techniques, the industry needs regular access to data and expertise to guide our response. Beazley’s Cyber Services Snapshot will provide that level of ongoing insight, along with thoughtful commentary about key trends our team is seeing that may not yet even be reflected in the data,” said Sanchez.