Fraudulent funds transfer (FFT) and ransomware were the biggest drivers of financial loss from cybercrime in 2022, accounting for more than 50% of insurance claims, according to figures from Corvus.
The insurance company found that FFT and ransomware “are the two most consistent tactics of choice for threat actors,” with FFT representing 28% of cyber claims and ransomware 23% in its all-time figures.
However, the average FFT claim is significantly lower than ransomware – $90,000 versus $256,000, respectively. Additionally, over all time, ransomware claims are three-times higher than that of FFT. This is because “FFT incidents do not typically involve costly data restoration, system recovery, business interruption or breach response efforts” that are required following ransomware attacks.
Despite this, Jason Rebholz, CISO at Corvus Insurance told Infosecurity that the cyber insurance industry must avoid “tunnel vision” on ransomware, viewing it as the sole threat to organizations.
“While the cost of ransomware claims are three times that of fraudulent funds transfer, the higher frequency of other attack vectors like business email compromise (BEC) and FFT could deliver death by a thousand cuts,” he explained.
The prevalence of FFT, in which social engineering techniques are used to trick employees or vendors into transferring funds to the wrong accounts, highlights the growing effectiveness of BEC scams. The report found that FFT represented 70% of all BEC-related claims, and BEC made up 45% of claims in H1 2022.
No tags.
