Cyberattacks: 2021, year of all dangers

Orange CyberDefence reported a 13% increase in the number of attacks globally in 2021. Using highly sophisticated techniques, hackers do not hesitate to attack states, government organizations, businesses, and individuals.

A survey entitled "2021 State of Ransomware Survey and Report", conducted by the cyber security company ThycoticCentrify, shows that 64% of respondents admit to having been the victim of a ransomware attack in the year 2021. Another worrying figure is that 83% of the companies attacked had to pay a ransom to have their data restored.

According to Check Point Software, a California-based IT security specialist, the number of intrusion attempts has significantly increased in 2021. This increase is 68% for Europe with an average of more than 600 weekly cyberattacks on companies.

North America saw a 61% increase in this type of attack with some 500 hacking attempts per week. These two regions are followed by Latin America (+38%), Asia-Pacific (+25%) and Africa (+13%).

Cost of cyberattacks for businesses

The average cost of a cyberattack varies according to the size of the company. It is estimated at 7 000 EUR for very small companies and 300 000 EUR for small and medium-sized companies.

The average amount of a ransom demand is around 220 000 EUR. In addition to this amount, there are other indirect costs related to repairs, the purchase of equipment, the assistance of competent teams and business interruption. These additional costs are often 5 to 10 times higher than the ransom amount.

Major cyberattacks of 2021

• January and March: theft of U.S. citizens' Social Security numbers,
• February: a series of attacks targeting Accellion's supply chain and its File Transfer Appliance (FTA) servers,
• March: Hacking of Microsoft's email system. More than 30 000 companies and organizations including the European Banking Authority were targeted,
• March-October: several attacks were made against the computer hardware manufacturer ACER. The company was targeted by a ransomware in March with a ransom demand of 50 million USD. Its Indian subsidiary and Taiwan-based infrastructure were attacked again in October,
• March: sophisticated cybersecurity attack and disruption of messaging services at CNA Financial, one of the largest insurance companies in the US,
• April: massive data leakage at LinkedIn and Facebook,
• May: Ransomware attack against Colonial Pipeline Group,
• May: attack against a subsidiary of the Axa Group. The cybercriminals stole several terabytes of sensitive data. The losses are estimated at 5.5 billion USD,
• December: intrusion into the computer system of the Belgian army,
• December: massive cyberattack against the Quebec government.

Hardening of the cyber insurance market

Cybercrime is one of the most dreaded risks for companies. Companies are finding it increasingly difficult to find adequate cyber coverage, even at exorbitant rates.

Faced with the increase in attacks, the rise in claims and the decrease in capacity offered by insurers, the cyber insurance market has become narrow, with insurers gradually reducing their exposure to the risk or excluding it from their portfolio.

It is worth noting that in the January 2022 renewals, all companies experienced a significant increase in cyber insurance rates, so much so that some of these companies are concerned that they will not be able to pay the premiums charged in the future.

Within this market, AIG, Chubb and Allianz are in the front line. Overexposed, these three insurers continue to reduce their capacity. Allianz has contracted by 30% in 2021 after a 50% drop in 2020. As a result, the current capacity of the global market does not allow for a real mutualization of the cyber risk.