Growing cyber threat outpaces defences

04 April 2018

The cyber threat continues to grow, despite an increased investment in cyber security, according to analysis from the EU’s cyber security agency, the European Union Agency for Network and Information Security (ENISA).

In its latest threat landscape report, ENISA found that almost all the main cyber threats are increasing, despite the best efforts of governments and the private sector to combat them. Even with a record investment in cyber security, 2017 saw new records in cyber attacks of all kinds. Based on experience in 2017, ENISA said increased defence levels and expenses may not successfully reduce levels of cyber threat exposure.


ENISA’s analysis of cyber attacks in 2017 found that almost all threat types are considered to be an increasing threat. Overall, the cyber security agency’s analysis of incidents in 2017 found that the complexity of attacks and sophistication of malicious actions in cyberspace continues to increase, both from cyber criminals and nation states.

ENISA said that the monetisation of cyber crime is becoming the main motive of threat agents, in particular cyber criminals. However, state-sponsored actors are now one of the most “omnipresent malicious agents” in cyberspace and a top concern of commercial and governmental defenders. Cyber-war has become more dynamic, creating increased concerns to critical infrastructure operators, it said.


Malware remained the most common cyber threat for businesses in 2017. While the frequency of malware attacks has stabilised, they continue to evolve in terms of sophistication and diversity. ENISA found an increase in both “click-less” and “file-less” malware, wipers, and attacks against supply chains.

Ransomware is one of the main threat types increasing in frequency and sophistication – global ransomware cost an estimated USD 5 billion in 2017. If a company suffered an infection during 2017, it is most likely to have been caused by ransomware than by any other malware – around 60% of malware payloads were ransomware, according to ENISA.

Over 70% of companies targeted by ransomware went on to be infected while 72% lost data for two days or more. The average ransom demand rose to USD 1,077 in 2017, up by three times since 2015. However, one in five businesses that paid the ransom never recovered their files.

While mass attacks like WannaCry persist, ransomware attacks are becoming more targeted as criminals direct their attacks at more profitable targets. ENISA also warned that ransomware attacks are focusing on operational technology, in particular connected medical devices.


Despite the rise of ransomware, 2017 also followed a trend of increasing data breaches. The number of confirmed successful attacks increased by 25% last year, with more incidents still coming to light, ENISA said. The largest 10 breaches exposed 5.6 billion of the six billion records compromised in the first six months of 2017, it added.

ENISA noted that a high number of data breaches were linked to weak or stolen passwords, indicating the need to expedite the end of passwords as a means for protection. About 95% of phishing attacks that led to a breach were followed by unwanted software installation, it said.


The overall threat from phishing and social engineering is on the rise, increasing both in volume and sophistication in 2017, according to the ENISA report. Phishing is often used as the first step in a cyber-attack and is the most successful infection vector for data breaches and security incidents.

ENISA noted that phishing attacks were becoming more targeted and are increasingly delivered through legitimate websites and social media, making them harder to detect. It said that the number of new phishing websites has increased dramatically - to an average of more than one million per month - making it impossible to block sites using static block lists.


The threat from distributed denial of service (DDoS) attacks is also increasing and it is an important threat for almost all types and size of businesses, according to ENISA. Over a third of organisations faced a DDoS attack in 2017, compared to just 17% in 2016. The gaming industry was the most targeted, alongside the banking, energy, transportation and media sectors.

According to ENISA, DDoS attacks are often combined with other cyber threats, such as ransomware. There has also been a number of DDoS for ransom attacks, where cyber criminals extort money under the threat of a DDoS attack – last year saw the Armada Collective demand USD 315,000 from seven South Korean banks in exchange for not disrupting their online service.


Beazley’s Breach Briefing, which analyses some 2,600 data breaches handled by insurer Beazley in 2017, identified a trend for growing cyber extortion, more sophisticated phishing attacks and an increase in business interruption.

While attacks are becoming more sophisticated, Beazley noted that human error also continues to be a major factor in data breaches. Some 28% of breaches in 2017 were caused by accidental exposure and 10% by an insider, while another 10% were down to social engineering.


Beazley said that cyber extortion continues to plague companies in the form of ransomware attacks, as well as more direct extortion where attackers steal sensitive data or threaten a DDoS attack.
A claim handled by the insurer in 2017 saw hackers steal employee data from a manufacturer and demand a ransom payment in exchange for not publishing the data. The claim, including the ransom payment, was USD 70,000. In another incident, an investment firm was hit by ransomware, as well as extortion demands. The hackers approached the firm and its clients directly, threatening to release investor data. The total cost of the breach response services and ransom payment exceeded USD 65,000.

Beazley has also recorded a rise in cyber events that lead to business interruption. In addition to ransomware attacks, the risk of loss from dependent business interruption continues to increase with the growth of cloud platforms, connected devices, and digitisation of supply chains, it said.

For further information, please contact Sarah Stephens, Head of Cyber, Content and New Technology Risks on