Security Awareness Training Blog

    Ransomware and Fraudulent Funds Transfer are the Two Main Drivers of Cyber Loss

    Ransomware and Fraudulent Funds Transfer are the Two Main Drivers of Cyber LossRepresenting more than half of all cyber loss, new data shows these attacks all begin with employees falling for social engineering, phishing, and business email compromise.

    Cyber Insurers have become an invaluable source of attack data, as they are able to share insights into what kinds of threat tactics are used without the victim organization needing to be identified. It gives those of us interested in understanding attack trends visibility into what threat actors are and aren’t doing.

    In cyber insurer Corvus’ latest Risk Insights Index that covers attacks through Q4 of 2022, they breakdown the primary attack types they’re seeing in claims. According to the report, 51% of all claims involved one of three attack types: fraudulent funds transfer, ransomware, and third-party ransomware.

    Fraudulent funds transfer (representing 27.5% of their claims) is the number one cyber attack experienced. According to Corvus, FFT is a situation “in which a threat actor, through social engineering efforts, has tricked an employee of an organization to wire money to a bank account they control.” The average claim for FFT, according to Corvus is $90,000.

    Both instances of ransomware in the Corvus data make up about 24% of claims, with the average ransom at around $256,000.

    Corvus researchers do warn that while the FFT claims are well under the average ransom, as well as do not incur the same response and recovery actions as ransomware (which further increase the cost a claim), FFT has been steadily increasing over the last three years, making it more and more an issue.

    And given that both of these attacks use similar tactics up front to gain access to and control of email, endpoints, applications, and data, it makes sense that organizations need to employ Security Awareness Training to help counteract social engineering tactics used during early phases of these attacks.

     

    Return To KnowBe4 Security Blog

    Get Your Ransomware Hostage Rescue Manual

    Ransomware Hostage Rescue Manual Cover 2022This 26-page manual is packed with actionable info that you need to prevent infections, and what to do when you are hit with ransomware. You also get a Ransomware Attack Response Checklist and Prevention Checklist. You will learn more about:

    1. What is Ransomware?
    2. Am I Infected?
    3. I’m Infected, Now What?
    4. Protecting Yourself in the Future
    5. Resources

    Don’t be taken hostage by ransomware. Download your rescue manual now! 

    Get Your Manual

    PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

    https://info.knowbe4.com/ransomware-hostage-rescue-manual-0

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe To Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews