Ransomware Attacks Are Soaring, Says Beazley in Data Breach Report

Ransomware attacks against businesses will be four times higher in 2016 than last year, with a growing number of ransom-seeking hackers demanding bitcoin rather than money, according to a report by specialty insurer Beazley.

The Beazley Breach Insights report is based on the insurer’s client data breaches in the first nine months of 2016. During the first nine months of 2016, Beazley Breach Response (BBR) Services unit managed 1,437 data breaches on behalf of clients, compared to 931 breaches during the same period last year.

Overall, hackers are focusing more attention on financial institutions, according to Beazley. In the first nine months of 2016 hacking and malware breaches accounted for 39 percent of the data breaches suffered by financial institutions, up from 26 percent for the comparable period in 2015.

For healthcare providers, human error presents a larger risk. Breaches caused by unintended disclosure represented 40 percent of all healthcare industry incidents in 2016 to date, a sharp rise from 28 percent in the first three quarters of 2015. Beazley analysts say thus is connected to the large amount of information shared between organizations in this industry. The report found that 19 percent of healthcare breaches were caused by hacking or malware in 2016, down from 28 percent in 2015.

The ransomware growth trend is particularly evident in the financial services, retail and hospitality sectors, according to the report.

“From what we are seeing, it appears that many hackers are finding it easier to make money by holding companies to ransom for bitcoin than through selling personal data on the dark web,” said Katherine Keefe, global head of BBR Services. “But the persistently high levels of hacking and malware attacks of all kinds are a reminder that organizations across industries, and of all sizes, need actionable plans ready to implement when a breach occurs.”

The breach response unit found that the ransoms sought from target companies remain low, often in the region of $1,000. But they are not the only costs incurred by companies that suffer attacks. Companies that are hit must often also pay for an extensive review of their systems and data to ensure that the malware has been removed and data is clean, according to the specialists at Beazley.

Beazley said its analysis of data breaches also revealed:

Beazley said it has helped clients handle more than 4,500 data breaches since the launch of its in-house Beazley Breach Response unit in 2009. The BBR Services team coordinates the forensic, legal, notification and credit monitoring services for clients and develops Beazley’s risk management services designed to minimize the risk of a data breach occurring.