SMBs hardest hit by ransomware
A new report from cyber risk insurance provider Coalition shows that while overall incidents are down, and ransomware attacks are declining as demands go unpaid, smaller businesses have become bigger targets.
In the first half of 2022, the average cost of a claim for a small business owner increased to $139,000, 58 percent higher than levels during the first half of 2021.
"Across industries, we continue to see high-profile attacks targeting organizations with weak or exposed infrastructure -- which has become exacerbated by today's remote working culture and companies' dependence on third-party vendors," says Catherine Lyle, Coalition's head of claims. "Small businesses are especially vulnerable because they often lack resources. For these businesses, avoiding downtime and disruption is essential, and they must understand that Active Insurance is accessible."
Overall ransomware demands decreased from $1.37M in H2 2021 to $896,000 in H1 2022. Of the incidents involving its clients that resulted in a payment, Coalition negotiated the sum down to roughly 20 percent of the initial demand.
"Organizations are increasingly aware of the threat ransomware poses. They have started to implement controls such as offline data backups that allow them to refuse to pay the ransom and restore operations through other means," says Chris Hendricks, Coalition's head of incident response. "As ransomware is on the decline, attackers are turning to reliable methods. Phishing, for example, has skyrocketed -- and only continues to grow."
Among other findings, the report shows that phishing triggers the majority of cyber incidents, accounting for 57.9 percent of reported claims. Funds transfer fraud (FTF) claims have held steady thanks to phishing. Vulnerabilities in Microsoft Exchange have become a persistent issue, with smaller organizations using on-premise Microsoft Exchange 119 percent more likely to incur a claim.
The full report is available from the Coalition site.