Beazley, a provider of data breach response insurance, said in a report on Thursday that ransomware attacks quadrupled in 2016 and are projected to double again in 2017.
Beazley released its Beazley Breach Insights – January 2017 findings based on its response to client data breaches in 2016. The specialized Beazley Breach Response (BBR) Services unit saw ransomware attacks quadruple in 2016, from fewer than 50 in 2015 to more than 200 last year. “The ease and effectiveness of these attacks portend an even larger increase in 2017,” Beazley said in a statement.
“Organizations appear to be particularly vulnerable to attacks during IT system freezes, at the end of financial quarters and during busy shopping periods,” Beazley said in the statement. “Evolving ransomware variants enable hackers to methodically investigate a company’s system, selectively lock the most critical files, and demand higher ransoms to get the most valuable files unencrypted.”
Katherine Keefe, global head of BBR Services, noted that the threat from ransomware is not only growing, but evolving to allow hackers to target vulnerable organizations and their most valuable data files and adjust ransom demands accordingly. “The sustained increase in these threats in 2016 indicates that even more organizations will be attacked in 2017 and need to have incident response plans in place before they get a ransomware demand,” she said.
The report noted that unintended disclosure is an issue, with the proliferation of criminals looking to profit from confidential information making formerly minor mistakes much more dangerous. “Unintended disclosure, most often emails or faxes sent to the wrong recipient, increased to 32% of all breaches in 2016, up from 24% in 2015,” the statement noted.
Hacks and malware accounted for 40% of financial institution data breaches in 2016, up from 27% in 2015. Unintended disclosure – mainly caused by misdirected emails – was also up, rising to 28% of breaches in 2016 from 24% in 2015. Hacks and malware also accounted for nearly half of higher education data breaches in 2016 (45%), up from 35% of breaches in 2015. Unintended disclosures caused 28% of breaches in 2016, up from 22% in 2015, the statement said.
In the healthcare industry in 2016, unintended disclosure – misdirected faxes and emails or the improper release of discharge papers – led to 40% of breaches, up from 30% in 2015. However, in a sign that the industry might be improving defences, hacks and malware accounted for only 19% of breaches in 2016, down from 27% in 2015.
Last year, Beazley’s BBR Services division managed 1,943 data breaches on behalf of clients compared to 1,247 breaches in 2015.