Data suggests Russia-Ukraine conflict impact on cyber threats

Julia Varley of Pinsent Masons was commenting after data analysed by Pinsent Masons found that the number of cyber incidents that their advisers in cyber incident response were instructed on in the first six months of last year fell. They said the fall is consistent with what has been reported elsewhere in the cyber incident response market.

“The momentum and dynamic of cyber attacks underwent a period of change in 2022 which constituted a notable shift from the picture developing over more recent years, when cyber attacks had been on the constant increase,” said Varley.

“Like many of our peers in cyber incident response, and colleagues across the cyber insurance sector, we noted a decrease in the number of incidents on which we were supporting clients. The decrease in activity generally coincided with the early stages of the Russian invasion of Ukraine; one theory being that this was caused by cybercriminals shifting to focus on targeting opposing national infrastructure rather than for financial gain. The war also impacted upon other elements of the cyber ecosystem, such as adding further complexity to the due diligence regarding sanctions risks, which must be undertaken at the point of paying a ransom,” Varley said.

Despite the cyber threat landscape being more suppressed than in previous years, ransomware cases continue to rise. Ransomware cases accounted for 45% of the matters Pinsent Masons’ cyber risk team advised on in 2022 – a significant increase compared to 31% in 2021.

The increase in ransomware cases ensured Pinsent Masons reported a steady rise in cyber incident cases over the second half of 2022. However, more widely, according to the European Union Agency for Cybersecurity’s (ENISA’s) 2022 report on the cyber threat landscape, whilst ransomware remains one of prime cyber threats, phishing remains the most common technique cyber criminals use when initiating cyber attacks.

In the UK, data published by the UK’s Information Commissioner’s Office (ICO) provides an insight into the common types of personal data breaches experienced by organisations. According to the ICO’s most recent report concerning personal data breaches notified to it up to mid-way through 2022, the greatest proportion of incidents reported stem from data being emailed to an incorrect recipient. Ransomware and phishing rank joint five most incident type.

Pinsent Masons reported fewer cases it was engaged in involved notification to the ICO in 2022 compared to 2021: 72% in 2021 and 36% in 2022. However, Varley said that though there were fewer notifications, there has been significantly increased regulatory scrutiny.

“This reflects a change in approach following the new information commissioner taking-up post and any remaining sympathy for the impact of Covid and for the victims of ransomware wearing thin,” said Varley. “We have, in particular, seen increased regulatory scrutiny around ransomware attacks. This is also demonstrated by the fines issued to Tuckers Solicitors and Interserve Group Limited in 2022, both of which were victims of ransomware attacks.”

“We have also seen increased questioning from the ICO in response to notification, in some matters receiving up to 50 questions, spread over multiple rounds of correspondence, during the course of an investigation compared to up to 20 questions we were observing in 2021,” Varley said.

According to the data analysed by Pinsent Masons, the highest volume of queries from the ICO were received in relation to the data affected by the incident. Pinsent Masons also said that the ICO had been quicker to make a determination on cases notified to it in 2022 than it had been in 2021, with a third of all notifications being determined within 10 days.

Varley said: “No doubt in response to the high profile proliferation of ransomware and other debilitating cyber attacks on businesses over the past few years, we have noted a very significant increase in the number of organisations proactively seeking to improve their cybersecurity posture, both technically and from an incident response capability. We have been supporting organisations, from single-site UK companies to multinational companies with global presence, with their cyber readiness programmes.”