Quarterly data snapshot
One piece of good news is that our data shows that fraudulent instruction has decreased 14% over the previous quarter. Professional Services saw a significant improvement in managing fraudulent instruction risks, with incidents down 52% quarter over quarter. Not every industry has seen this improvement, however. Although the prevalence of supplier or vendor compromises obscures this in the percentage charts, Healthcare was one of the few industries to show an increase in fraudulent instruction in Q1.
Business email compromise (BEC) continues to increase, up 35% quarter over quarter, with increases across all industries, except for Healthcare. Professional Services continues to experience the highest number of BEC incidents overall, with an increase of 26% quarter over quarter. Financial Institutions saw almost double the number of BEC incidents in Q1 as in Q4.
Data exfiltration also continues to remain high; we can track its involvement in 87% of incidents in Q1, and that figure will likely increase as the claims mature. Slight variation can be seen from one quarter to the next, but there has not been a significant decline in data exfiltration overall.
Continued volatility in ransomware tactics is the story of Q1 2024, and makes the continued case for a robust, defence-in-depth approach not only to keep attackers out, but also to prevent them from moving around and doing damage if they get in.
The apparent increase in ransomware incidents where the vector is unknown is notable here, but not necessarily surprising. Cyber criminals are increasingly cleaning up after themselves using anti-forensic techniques, eradicating definitive evidence of the initial attack vector. Or the victims themselves may wipe machines or restore from backups, so that evidence needed for forensic investigation is lost.
Data presented in this communication is derived from global incidents reported to Beazley between 2021 and 2024.
The information set forth in this communication is intended as general risk management information. It is made available with the understanding that Beazley does not render legal services or advice. It should not be construed or relied upon as legal advice and is not intended as a substitute for consultation with counsel. Although reasonable care has been taken in preparing the information set forth in this communication, Beazley accepts no responsibility for any errors it may contain or for any losses allegedly attributable to this information. Non-insurance products and services are provided by non-insurance company Beazley affiliates and independent third parties. Separate terms and conditions may apply.