Business email compromise now ranks as a top attack method, with 70% of organizations saying they’ve faced a BEC attempt in the last year and 29% actually falling victim to at least one attack, according to a new report from Arctic Wolf.
“Attackers are focusing on the human element, as evident with the overwhelming targeting via business email compromise. No matter the method of intrusion, the stakes are even higher for business leaders as most successful ransomware attacks involve data exfiltration,” said Ian McShane, vice president for managed detection and response (MDR) at Arctic Wolf.
The firm’s “State of Cybersecurity: 2024 Trends Report” surveyed 1,000 senior IT and cybersecurity decision-makers in over 15 countries.
Ransomware also remained “rampant,” according to the report, with 45% of respondents saying they had experienced an event in the last year with 86% of the successful attacks featuring data exfiltration.
Data breaches have risen, as has public disclosure of breaches. Arctic Wolf found that 66% of organizations opted to share information about their breaches, while 30% disclosed information only to affected parties or those they were otherwise obligated to tell. Four percent disclosed no information at all. This marks a major uptick from 2023 when just 26% of breached organizations disclosed any information about their events.
“This increase may be contributed to numerous factors, including the continued adoption of cyber insurance and the need to disclose incident information when filing a claim, the decrease in stigma that a breach is a ‘failure’ of a security program, the adoption of state and federal laws regarding proper disclosure such as the expanded FCC data breach notification rules, and others,” said Arctic Wolf in its report. “This drastic increase in breach disclosure can be seen as a positive trend, since it notifies more parties who may be negatively impacted by a breach.”
Arctic Wolf saw other positive signs, including “an incredible 95%” of respondents either already carrying cyber insurance (66%) or in the process of buying it (29%).
However, respondents also expressed concerns around cyber insurance prices and strict requirements for maintaining their coverage. About 20% also found the insurance procurement process to be time-consuming.
“This indicates that, as we continue to see security decision-makers adopt cyber insurance policies, it will not be without some level of concern and pain points,” said the firm.