We recently stumbled upon the 2024 Cyber Claims Report from Coalition, an insurance provider in the United States. It was published in April 2024, so hopefully there is a new edition about to hit the streets. Several data points stood out to us:
- Coalition asserts that “Businesses that reinforced their security controls and embraced partnership with cyber insurance providers were generally more secure than other organizations.” Coalition advocates for an “active approach to cyber risk management.”
- 56% of claims fielded by Coalition were categorized as “funds transfer fraud” or “business email compromise.” Both types of incidents start in the email inbox, highlighting (1) the success that threat actors are achieving with financially-motivated cybercrime that starts with email, and (2) the criticality of protecting email from all types of cyberthreats.
- Funds transfer fraud is where a business is tricked into transferring money into a fraudster’s bank account, usually based on a fraudulent email request. The average loss across 2023 (the reporting timeframe of the 2024 report) was $278,000. On page 11 of the report is a paragraph we could have written based on our recent research – “Cybersecurity trends point to threat actors using generative artificial intelligence (AI) tools to launch more sophisticated attacks. Phishing emails are becoming more credible and harder to detect, and threat actors are believed to be using AI to parse information faster, communicate more efficiently, and generate campaigns targeted toward specific companies — all of which may contribute to increases in FTF claims.” At Osterman, we’d just call this business email compromise.
- Coalition gives the example of a client who transferred $4.9 million to a bank account in Hong Kong based on a fraudulent invoice. Through Coalition’s assistance and its coordination with the FBI and other law enforcement agencies, the client got all of the money back.
- In Coalition’s use of terms, business email compromise incidents, by comparison, are defined as events where a threat actor gains access to the inbox but doesn’t get direct access to funds. Instead, they use the compromised account to “wait inside the network and send phishing emails to compromise a user with direct access to money.” At Osterman, we’d call this account takeover and note its correlation with internal phishing and supply chain compromise scenarios.
- The frequency of ransomware incidents is much lower than the high-water mark of 2021, but the average cost per incident is significantly higher than in 2021. In other words, there are fewer attacks, but each one costs more.
For more, get your copy of the report from Coalition’s website.