Cybercrime Surges in 2023, With Business Email Especially Vulnerable

As cybercrime claims activity rises, Coalition's report emphasizes the critical role of robust cybersecurity measures.
By: | April 25, 2024
Topics: Cyber | News

Cyber claims continued to rise in 2023, with overall frequency trending upward and severity increasing by 10% year-over-year to an average loss of $100,000, according to a policyholder analysis by Coalition Inc., a cyber managing general agent.

“Cybercrime is a thriving business that adversely impacts the global economy. In 2023, the Federal Bureau of Investigation (FBI) received more than 880,000 complaints of cybercrime with reported losses of $12.5 billion,” the Coalition report noted.

The surge in claims reported to Coalition was primarily driven by ransomware attacks in the first half of the year. Despite these challenges, businesses that reinforced their security controls generally fared better. In fact, while global ransom payments surpassed $1 billion in 2023, Coalition said its policyholders experienced a 54% drop in ransomware severity in the second half of the year.

Email security emerged as a critical aspect of cyber risk management, with more than half of all claims originating from business email compromise (BEC) or funds transfer fraud (FTF). FTF frequency and severity increased in 2023, with the potential impact of AI-generated phishing emails contributing to the rise.

“Threat actors want to get paid, and the email inbox has proven to be an easy place for an attacker to uncover payment information and potentially intervene in payment processes to steal funds,” said Robert Jones, Coalition’s head of global claims. “In 2023, Coalition endeavored to make recovering from a cyber incident as painless as possible for our policyholders: We successfully helped claw back more than $38 million in fraudulent transfers and handled 52% of all reported matters without out-of-pocket payments.”

Boundary devices also were a source of increased risk for organizations.

“The technologies critical to business operations are often prime targets for threat actors. This is especially true of boundary devices, such as routers, firewalls, and virtual private networks (VPNs), that sit between a business and the public internet,” the report noted.

However, devices with known vulnerabilities, such as exposed Cisco ASA and Fortinet devices, significantly increased the likelihood of experiencing a cyber claim. Remote desktop protocol (RDP) in Windows devices also saw a resurgence in risk, with Coalition honeypot data showing a 59% increase in unique IP addresses scanning for RDP between January and October 2023.

“We also found that policyholders using internet-exposed remote desktop protocol were 2.5 times more likely to experience a claim,” said Shelley Ma, incident response lead at Coalition’s affiliate, Coalition Incident Response. “With new AI tools making it even easier to execute targeted cyber attack campaigns and identify exploitable assets, having an active partner that can help protect your organization from digital risk is crucial.”

Ransomware frequency increased by 15% year-over-year, with a sharp uptick in the first half of 2023. The average ransom demand also increased by 36% to nearly $1.4 million. However, Coalition successfully negotiated the amount down by an average of 64% of the original demand for policyholders who opted to pay a ransom. LockBit and BlackCat variants were two of the more prevalent among Coalition policyholders in 2023.

Business email compromise (BEC) frequency remained relatively stable, while claims categorized as “Other” events, such as non-encryption system compromise claims, saw a 21% increase in frequency and a 28% increase in severity. The MOVEit vulnerability and third-party compromises significantly impacted this category.

As the cyber threat landscape continues to evolve, businesses must remain vigilant in their cybersecurity efforts. Good cyber hygiene, strong security controls, and partnerships with cyber insurance providers are essential in mitigating the risks associated with the ever-present threats of ransomware, FTF, and BEC attacks.

To read the full report, visit the Coalition website. &

The R&I Editorial Team can be reached at [email protected].