December 15, 2023 Cyber Criminals Remain a Threat For Businesses in 2024

Threats to cybersecurity continue to be significant and complex, making it imperative that companies practice proper cyber hygiene in 2024.

By Anthony Dolce, Head of Professional Liability & Cyber

After the spike of ransomware attacks in 2019, 2020 and 2021, the insurance industry observed that cyberattacks began to decrease in 2022, possibly because of threat actors being more focused on the conflict in Europe. However, during the first half of 2023, the number of cyberattacks now appears to be on the rise again.  Accordingly, it is imperative that companies continue to reinforce their efforts at practicing proper cyber hygiene in 2024. Overall, threats to cybersecurity continue to be significant and complex.  

While ransomware continues to be the costliest type of cyberattack, criminals’ tactics continue to evolve, and new attack vectors will almost certainly emerge in 2024.  Businesses are increasingly falling victim to business email compromise and data breaches coupled with extortion attempts, as well as ransomware with double extortions (encrypting a victim’s data while also threatening to publicly disclose confidential information).   

Focusing specifically on business email compromises (BECs), according to the FBI’s Internet Crime Report, they are one of the most prevalent online crimes. In most instances of BEC, as well as other cyberattacks, phishing plays a role in perpetrating fraud and ransomware delivery.   To protect themselves, businesses should be cyber risk aware. Training employees and implementing email security protocols can help prevent these types of attacks and help reduce losses.

It is expected the sheer number of mundane, commonplace cyberattacks will continue to remain high in 2024. Threat actors see great opportunity to score quick paydays by targeting mid-sized businesses rather than large corporations because it can be lower hanging fruit. If a criminal can get someone to wire $50,000, that’s going to be a much easier way to get paid, than to execute a massive ransomware attack and attract the attention of law enforcement. Typically, cybercriminals want the path of least resistance, which is smaller and lower risk.

A future concern is that, while new safeguards have become commonplace (i.e., MFA and frequent segmented back-ups), businesses may become complacent with their cyber security. Threat actors are constantly evolving and looking for ways to successfully extort money or steal data from an innocent company, so it is imperative that businesses remain vigilant. Technology is always changing, and while cyber insurance carriers may not know when and where the next attack will take place, they can help businesses plan, prepare, and prevent.

Anthony Dolce is Head of Professional Liability and Cyber at The Hartford. He frequently speaks at cyber-related events around the country, authors thought leadership pieces and serves on several insurance industry groups. Dolce earned his B.A. and J.D. from the University of Connecticut and is a member of the Connecticut state and federal bars. He also holds the Certified Information Privacy Professional (CIPP/US) and the Registered Professional Liability Underwriter (RPLU) designations. 

Subscribe to Industry Today