Regular listeners of Advisen’s Quarterly Cyber Risk Trends webinar series get to see our cyber loss data in action. With cyber risk a key focus during the COVID-19 pandemic and a widespread shift to working from home that is likely to persist for many organizations, we thought we would share some of the latest Advisen insight into cyber losses.

“Cyber loss” has for a long time been nearly synonymous with “data breach” or some other type of event where personally identifiable or personal health information has been compromised (PII, PHI). While these events still occur, Advisen data show that the proportion of incidents by type has changed – data privacy incidents began to drop from a peak of 70% of all cyber loss events in 2018, as shown below. That drop has been matched by the rising trends of network disruption incidents – these events can be ransomware events or other events that cause some type of interruption in corporate activities.

Network disruption events have tripled in 2020 and have struck organizations of all sizes., according to Advisen’s loss database and resident cyber expert Aloysius Tan who offered insight into the data during a recent webinar.

“This growth should come as no surprise, given the prevalence of these attacks in recent years,” said Aloysius Tan, Advisen’s resident cyber expert and data product manager during a recent webinar on the cyber risk loss trends from Q2.

Despite a general drop in data privacy incidents over time, data privacy events showed an increase between the first quarter and the second quarter of 2020, as shown in the graph below. The shift may be driven by the pandemic.

“These tend to be generally more opportunistic in nature,” said Tan. “Where organizations could reasonably minimize exposure in an office environment, the shift to work-from-home environments has exponentially increased the number of potential points of entry.

Industries impacted

The impact of the pandemic could also be seen in the industries most affected during the second quarter of 2020. While some ransomware actors publicly said they would not target healthcare firms during the pandemic, others felt no such scruples.

“Top industries don’t usually change much year to year, let alone quarter to quarter, but we’re seeing a very different picture in the past quarter,” said Tan. In the past year, finance and insurance firms were “reliably” the top industry due to the wealth of data held. However, in the second quarter of 2020, healthcare organizations drew the largest percentage of cyber events, following by public administration and professional services.

“Opportunistic attacks often target vulnerable, low-hanging fruit,” said Tan. “So, it comes as no surprise that the organizations most overwhelmed by the distraction of COVID-19 were the ones most targeted during this time.”

As with the shift in type of incident, Advisen data over the last several years shows a shift in the types of assets targeted. Over time, there has been a clear gravitation away from PII toward other easier-to-monetize information or actions, such as personal financial identity information (PFI) and corporate assets. However, again, 2020 is shaking up this trend and starting to show a reversal. While corporate assets – either funds, business income or intellectual property – still make up a significant percentage of the compromised assets, PII appears to be making a comeback as a popular target.

PII has been viewed as low-effort, low-reward when contrasted with the higher-effort, but higher pay-off of tactics like ransomware or PFI theft. Hackers, in other words, appear to be going with the flow of the cyber landscape, especially in the second quarter of 2020, as shown in the graph below.

“It’s not simply that they’re suddenly getting lazy this year, but rather that the changing of the cyber landscape in light of the pandemic has made things easier for them,” said Tan. “They don’t mind working, but right now they don’t really have to.”

He added, “For example, when companies started beefing up their defenses, hackers had to find alternative ways. When companies wised up to ransomware, hackers became increasingly targeted in their methods. The pandemic has completely changed cyber risk exposure for companies and hackers are not above exploiting these changes to their benefits.”

By Erin Ayers, Advisen

For the full article, visit: