To ensure the X-Analytics Application remains current and produces reliable outcomes, the X-Analytics Research Team aggregates and analyzes historical and cyber risk intelligence data to calibrate backend variables within X-Analytics.
This update includes:
Threat
Industry Threat Baselines: +2.0% change
The industry threat baselines increased by an average of 0.2% since the last update.
Crimeware (including ransomware), Everything Else (including unknown and unclassified events), and Denial of Service Attacks are the top three threat categories (in order of most likely to least likely).
The increase in threat activity is mostly related to resetting to the 2024 baselines for error, physical theft and loss, cyber-espionage, denial of service attacks, and everything else (unknown and unclassified events). This is in addition to the resetting to the 2024 baselines for web application attacks, point of sale intrusion, misuse, crimeware (including ransomware), and payment card skimming. We applied the 2024 baselines to all industry verticals.
Threat Conclusion: The increase in threat activity will cause an increase in cyber exposure for some customers.
Data Breach Probability
Data Breach Probability Baseline: +7.1% change
Data breach probability baseline increased by an average of 7.1% since the last update.
This decrease is partially due a decrease in phishing, business email compromise, unknown or unclassified activity, and human error.
The average size of data breach is between 100k and 200k records.
Data Breach Conclusion: The increase in data breach probability will cause an increase in data breach cyber exposure for most customers.
Business Interruption
Business Interruption (DoS) Probability Baseline: +6.3% change
Business interruption (DoS) probability baseline increased by an average of 6.3% since the last update.
DDoS attacks less than 4-hour durations decreased by an average of 1.3%.
DDoS attacks between 4 hours and 12 hours increased by an average of 4.0%.
DDoS attacks between 12 hours and 24 hours increased by an average of 13.0%.
This increase is partially related to the increasing digitization of businesses (automating attacks are easier), political unrest, and ransom-based attacks that fuel attackers to attack for longer durations.
Business Interruption (Other) Probability Baseline: -3.4% change
Business interruption (Other) probability baseline decreased by an average of 3.4% since the last update.
The decrease in probability is partially related power outages, cloud service dependencies, and human error.
Business Interruption Conclusion: The increase in business interruption (DoS) probability and the decrease in business interruption (Other) probability will cause a decrease in business interruption cyber exposure for most customers.
Ransomware
Ransomware Probability Baseline: -5.9% change
Ransomware baseline probability has decreased by an average of 5.9% since the last update.
This decrease in probability is partially due to a decrease in the phishing-based attacks and software vulnerability attacks.
Ransomware Extortion: -34.0% change
Ransomware extortion (median impact) has decreased by 34.0% since the last update.
This decrease in extortion is partially due to a more companies refusing to pay the extortion and better negotiating tactics.
Additionally, attackers are initially demanding more reasonable extortions to prevent long negotiations and potentially non-payment outcomes.
Ransomware Conclusion: The decrease in ransomware probability and the decrease in ransomware extortion will cause a decrease in ransomware cyber exposure for most customers.
Misappropriation
Misappropriation Probability Baseline: +4.5% change
Misappropriation baseline probability has increased by an average of 4.5% since the last update.
The increase in probability is partially related to an increase in asset misappropriation schemes, which often include insiders and other third parties with privileges.
Misappropriation of Funds - % of Payments Related to Fraud: -8.4% change
The “% of payment transactions related to fraud” value has decreased by 8.4% since the last update.
This decrease is partially related to improve fraud countermeasures within the transaction process.
Misappropriation Conclusion: The increase in misappropriation baseline probability will cause an increase in misappropriation cyber exposure for most customers. However, the decrease in "% of payments related to fraud" will cause a decrease in misappropriation of funds for most customers.
If you have questions, please submit a contact your X-Analytics Customer Success team member.
Commentaires