The Rising Threat of Data Exfiltration

The Allianz Cybersecurity Resilience Report 2024 provides valuable insights into the evolving nature of cyber threats, with ransomware and data breaches leading the list of risks. Santho Mohapeloa, Senior Cyber Specialist at Allianz Commercial, explains that ransomware remains a major concern, accounting for 58% of large claims over €1 million. However, the nature of ransomware attacks is changing. With organizations improving their defenses, cybercriminals are moving away from encryption-based attacks and focusing on data exfiltration. By stealing sensitive data, they gain more leverage in ransom negotiations, often leading to higher financial losses.

Data breaches are also increasing, particularly in sectors like healthcare, and are often followed by class action lawsuits. These legal actions, especially prevalent in the U.S. and Europe, can significantly amplify the costs associated with a breach. Mohapeloa points to recent high-profile incidents, including breaches at MGM Grand, T-Mobile, and Snowflake, as examples of how damaging these attacks can be.

To combat these growing threats, Allianz advocates several best practices.  Mohapeloa emphasises the importance of employee training, particularly simulations of phishing attacks, which can drastically reduce risk. Other critical strategies include implementing multi-factor authentication (MFA), disaster recovery plans, and business continuity plans. Mohapeloa advises regularly testing these measures, much like fire drills, to ensure companies are fully prepared when a cyberattack occurs.

For brokers, the Allianz Cybersecurity Resilience Report serves as an indispensable tool to understand global cyber trends and prepare their clients for future challenges. As Mohapeloa notes, businesses that adopt these best practices and work closely with their brokers tend to experience fewer severe losses and recover more effectively after incidents.

Key points

• Ransomware remains the dominant cyber risk, accounting for 58% of large claims over €1 million.

• Cybercriminals are increasingly turning to data exfiltration, where they steal data rather than encrypt it, gaining more leverage in ransom demands.

• Class action lawsuits in the U.S. and Europe are on the rise, driving up the financial impact of data breaches.

• Best practices for mitigating cyber risks include employee training, multi-factor authentication (MFA), disaster recovery plans, and business continuity plans.

• Regular simulation exercises for phishing attacks and disaster recovery are crucial in reducing the impact of actual cyber events.