Albert Zhou Joins Corvus Insurance as Chief Risk Officer
Former SynchronoSure, SiriusPoint exec joins leading cyber underwriter.
BOSTON (June 2nd,...
Corvus Risk Insights Index™ findings show fraudulent funds transfer claims reached an all-time high, making up 36% of the company’s cyber claims in Q3 2022
BOSTON (December 7, 2022) — Corvus Insurance, the leading provider of Smart Cyber Insurance® products powered by AI-driven risk data, today released findings from its third Corvus Risk Insights Index™, a compilation of industry trends and data analysis. The report’s findings are drawn from sources of data that Corvus uses to power its underwriting and proactive risk mitigation measures that help its policyholders improve their cybersecurity posture. These sources include the company’s proprietary IT security scanning technology and detailed claims reporting.
The report compares top cyber risks from the evolving threat landscape. Notably, Corvus found that Fraudulent Funds Transfer (FFT) continues to generate substantial losses for organizations, comprising 36% of all claims in Q3 2022. FFT is defined as an attack in which threat actors use social engineering tactics to trick employees or vendors into transferring funds to the wrong accounts.
“Global cybercrime is growing more complex by the day, presenting security leaders with new challenges. With the power of security insights and dynamic claims data feeding Corvus’s technologies, we can help our policyholders improve their cybersecurity posture by informing them of emerging threats and best practices,” said Jason Rebholz, Chief Information Security Officer at Corvus Insurance. “While ransomware continues to be a dominant risk, we are seeing tactics change, including the rise of other forms of extortion as well as funds transfer fraud. The findings from our report serve as a reminder to all security leaders that cybersecurity is fluid and attackers will shift their methods, even revisiting old tactics, so long as they continue to reap financial benefits.”
It’s expected that ransomware and FFT are to remain the top drivers of cyber loss, as Corvus data shows that ransomware and FFT are the two most consistent tactics of choice for threat actors, together representing more than half of all Corvus claims. FFT emerged as a top driver of cyber loss over the past year in terms of frequency, while ransomware remained by far the most costly category of cyber claims.
The total cost of claims, all-time, for ransomware is nearly three times that of FFT because claims resulting from FFT incidents do not typically involve costly data restoration, system recovery, business interruption, or breach response efforts that are commonly required following ransomware attacks.
The rise in FFT incidents is linked to BEC, with FFT making up more than half of all BEC-related claims. BEC can result in an email account takeover, whereby threat actors trick employees into giving up their account credentials and gain access to employees’ inboxes — which is particularly effective for FFT.
Additionally, third-party attacks, FFT, and ransomware were the top risk trends that led to cybercrimes in 2022 compared to 2021.
While there were fewer ransomware claims in the first half of 2022, a larger percentage of claims involved data exfiltration, a tactic used to increase leverage over the victim companies. The threat of stolen data is not limited to the victim's IT system — it can harm an organization's brand reputation and increase liability for exposure of sensitive information.
“It’s vital that the cybersecurity and insurance industries stay connected to remain agile in the changing threat landscape,” said Rebholz. “Rising instances of data exfiltration show that cybercriminals will respond quickly to thwart security professionals, and identify creative ways to increase leverage in ransom negotiations. Insurers have visibility into these changes, enabling us to take an informed, proactive approach with our brokers, policyholders, and partners. It’s Corvus’s responsibility as a leading insurtech to not only make our policyholders safer, but also to help empower the industry at large to make the world a safer place.”
You can access the full Corvus Risk Insight Index™ here. To learn more about Corvus, please visit https://www.corvusinsurance.com.
View the original press release on BusinessWire.
Corvus Insurance is building a safer world through insurance products and digital tools that reduce risk, increase transparency, and improve resilience for policyholders and program partners. Our market-leading specialty insurance products are enabled by advanced data science and include Smart Cyber Insurance® and Smart Tech E+O™. Our digital platforms and tools enable efficient quoting and binding and proactive risk mitigation. Corvus Insurance offers insurance products in the U.S., Middle East, Europe, Canada, and Australia. Current insurance program partners include AXIS Capital, Crum & Forster, Hudson Insurance Group, certain underwriters at Lloyd’s of London, R&Q Accredited, SiriusPoint, and The Travelers Companies, Inc. Corvus Insurance, Corvus London Markets, and Corvus Germany are the marketing names used to refer to Corvus Insurance Agency, LLC; Corvus Agency Limited; and Corvus Underwriting GmbH. All entities are subsidiaries of Corvus Insurance Holdings, Inc. Corvus Insurance was founded in 2017 and is headquartered in Boston, Massachusetts with offices across the U.S., in the UK, and Germany. For more information, visit corvusinsurance.com.
Former SynchronoSure, SiriusPoint exec joins leading cyber underwriter.
BOSTON (June 2nd,...
Policyholders who engaged with Corvus Signal in the past three years saw a nearly 20% lower...
Despite a 60% increase of ransomware in early 2023, Corvus Risk Insights Index™ finds fewer are...