Cost of cyber breaches predicted to surpass $5m per incident in 2023

Acronis, a provider of cyber protection, has released a cyber-threats and trends report for the second half of 2022 which found that phishing and the use of MFA fatigue attacks, an extremely effective method used in high-profile breaches, are on the rise.

The report found that threats from phishing and malicious emails have increased by 60% and the average data breach cost is expected to reach $5 million by next year. The research team who authored the report also saw social engineering attacks jump in the last four months, accounting for 3% of all attacks.

Leaked or stolen credentials, which allow attackers to easily execute cyber-attacks and ransomware campaigns, were the cause of almost half of reported breaches in H1 2022.

“The last few months have proven to be as complex as ever – with new threats constantly emerging and malicious actors continuing to use the same proven playbook for big payouts,” said Candid Wüest, Acronis VP of Cyber Protection Research.

“Organisations must prioritise all-encompassing solutions when looking to mitigate phishing and other hacking attempts in the new year. Attackers are evolving, using some of the tools, like MFA, that we rely on to protect our employees and businesses against us.”

Middle East and Africa cybersecurity landscape

As the Middle East region continues to grow its digital ecosystem, Acronis says that solid cybersecurity strategies remain a top priority on the back of heightened data breaches. According to security analysts, breaches reported in the Kingdom of Saudi Arabia, for example, could reach an average of $7 million as the country continues to report one out of five attacks to be ransomware.

With the average cost of ransomware attacks increasing every year, factors such as weak credentials, phishing emails and unpatched vulnerabilities remain the top cyber-attacking vectors. In the UAE, targeted organisations lost over $1.4 million in ransomware, forcing over 40% of the impacted companies to shut down. Following this worrying trend, the UAE Cyber Security Council announced the adoption of stringent cybersecurity standards to safeguard the country’s digital space. 

Other key findings:

• The market of ransomware operators was dominated by four to five players
• The number of ransomware incidents decreased slightly in Q3, after a high during the summer months. From July to August, Acronis saw a 49% increase in blocked ransomware attacks globally, followed by a decrease of 12.9% in September and 4.1% in October
• There is a shift towards more data exfiltration as the main actors are continuing to professionalise their operations. Most of the large players have expanded to MacOS and Linux and are also looking at the cloud environment
• Spam rates have increased by over 15% — reaching 30.6% of all inbound traffic