Verizon’s annual report on data breaches says cost & frequency of ransomware attacks has been rising
The costs of ransomware attacks are on the rise, with the median cost per incident having more than doubled over the past two years, according to Verizon’s annual Data Breach Investigations Report (DBIR) for 2023.
Ransomware attacks involve the encryption of an organization’s data and the extortion of money—often, large sums of money—in order to restore data access. Some recent incidents have impacted city services in Dallas, Texas; resulted in Enzo Biochem having to notify nearly 2.5 million customers that their health information and Social Security numbers were compromised; and resulted in the largest health data breach so far this year, via a ransomware attack on dental insurer Managed Care of North America.
Both ransomware costs and the number of incidents have risen dramatically over the past two years, the DBIR concludes. In the past two years, the report authors note, there were more ransomware attacks than in the previous five years combined. Ransomware incidents with a reported loss ranged between $1 and $2.25 million, with a median cost per incident of $26,000. With financial gain as the driving force behind the vast majority of cyberattacks, ransomware will continue to be a factor so long as it provides a payoff. It represented nearly one in four data breaches, making it one of the top methods for cyberattacks, and is “ubiquitous among organizations of all sizes and in all industries,” the report says.
“That almost a quarter of breaches involve a Ransomware step continues to be a staggering result,” the authors wrote. “However, we had been anticipating that Ransomware would soon be hitting its theoretical ceiling, by which we mean that all the incidents that could have Ransomware, would have. Ransomware is present today in more than 62% of all incidents committed by Organized crime actors and in 59% of all incidents with a Financial motivation, so sadly there is still some room for growth.”
This year’s DBIR report is based on analysis of more than 16,000 security incidents and nearly 5,200 breaches.
One of the other fast-growing attack types is Business Email Compromise, which is a type of social engineering attack in which enterprise employees or executives are impersonated and the recipient is asked to “conduct a relatively routine task, such as updating a vendor’s bank account,” as the DBIR described it. The new account belongs to the attacker. Those BEC attacks have almost doubled since last year and the median amount stolen is up to $50,000.
“Senior leadership represents a growing cybersecurity threat for many organizations,” said Chris Novak, managing director of cybersecurity consulting at Verizon Business. “Not only do they possess an organization’s most sensitive information, they are often among the least protected, as many organizations make security protocol exceptions for them. With the growth and increasing sophistication of social engineering, organizations must enhance the protection of their senior leadership now to avoid expensive system intrusions.”
Perhaps a bit surprisingly, the DBIR team reported that while there are anecdotes that state-sponsored cyberattacks are up due to the ongoing war in Ukraine, there hasn’t been a big enough uptick in that category to impact the overall statistical picture.
