The report, which will be published quarterly, looks at the evolution of cyber threats, including the most prominent threat incident attack methods, the most prominent threat actor groups, the most targeted sectors and risks on the horizon.
The report shows that instances of ransomware attacks in Q3 2021 more than doubled since Q1 2021, from 20% to 46%. Business email compromise (BEC) incidents fell by 4% quarter on quarter, accounting for 29% of attacks in Q3 and becoming the second most common threat type. Incidents of unauthorised access and the risk of insider threats also increased, but to a lesser extent than ransomware, accounting for 25% of incidents in the same period.
The professional services sector remained the most targeted sector overall in Q3, increasing its dominance by nearly 4% on the previous quarter’s figures to 22%. This is most likely due to attackers increasingly utilising supply chain breaches within professional services firms to reach as many victims as possible in a single attack.
Additional sectors that were heavily targeted in Q3 include technology and telecommunications (13%), financial services (13%), health care (12%) and manufacturing (10%).
Says Ioan Peters, Managing Director and Co-Regional Lead in EMEA for Kroll’s Cyber Risk practice:
“Ransomware remains a huge threat to organisations of all shapes and sizes. We’ve seen threat actors mobilise and expand their efforts since the beginning of the pandemic, and incidents like the Conti leak only serve to democratise the methods used by cybercriminals to gain access to businesses. An ounce of prevention is worth a pound of cure when it comes to ransomware, so we encourage all businesses to constantly evaluate the security controls they have deployed rather than waiting for an incident to occur.”