New data shows that the attacks representing more than half of all cyber loss all begin with employees falling for social engineering, phishing, and business email compromise.
Cyber insurers have become an invaluable source of attack data, as they are able to share insights into what kinds of threat tactics are used without the victim organization needing to be identified. It gives those of us interested in understanding attack trends visibility into what threat actors are and aren’t doing.
In cyber insurer Corvus’ latest Risk Insights Index, which covers attacks through Q4 of 2022, they break down the primary attack types they’re seeing in claims. According to the report, 51% of all claims involved one of three attack types: fraudulent funds transfer, ransomware, and third-party ransomware.
Fraudulent funds transfer (representing 27.5% of their claims) is the number one cyber attack experienced. According to Corvus, FFT is a situation “in which a threat actor, through social engineering efforts, has tricked an employee of an organization to wire money to a bank account they control.” The average claim for FFT, according to Corvus, is $90,000.
Both instances of ransomware in the Corvus data make up about 24% of claims, with the average ransom at around $256,000.
Corvus researchers do warn that while FFT claims are well under the average ransom and do not incur the same response and recovery actions as ransomware (which further increase the cost of a claim), FFT has been steadily increasing over the last three years, making it more and more of an issue.
And given that both of these attacks use similar tactics up front to gain access to and control of email, endpoints, applications, and data, it makes sense that organizations need to employ Security Awareness Training to help counteract social engineering tactics used during early phases of these attacks.