3 trends set to drive cyberattacks and ransomware in 2024

Ransomware activity was up 50% year-on-year during the first half of 2023.

Ransomware activity was up 50% year-on-year during the first half of 2023. Image: Getty Images

Scott Sayce
Global Head of Cyber Insurance , Allianz Commercial
Our Impact
What's the World Economic Forum doing to accelerate action on Cybersecurity?
The Big Picture
Explore and monitor how Cybersecurity is affecting economies, industries and global issues
A hand holding a looking glass by a lake
Crowdsource Innovation
Get involved with our crowdsourced digital platform to deliver impact at scale
Stay up to date:


This article is part of: World Economic Forum Annual Meeting
  • Ransomware attacks saw a sharp increase once again in 2023.
  • AI and the increase in mobile connected devices provide further areas of vulnerability for cybercriminals to exploit.
  • Early detection can reduce the cost of breaches up to a thousandfold.

Following two years of high but stable activity, 2023 has seen a worrying resurgence in ransomware and extortion losses, as the cyberthreat landscape continues to evolve. Hackers are increasingly targeting IT and physical supply chains, launching mass cyberattacks, and finding new ways to extort money from businesses, large and small. It’s little wonder that our customers and clients rank cyber risk as their top concern in the annual Allianz Risk Barometer survey.

Ransomware activity alone was up 50% year-on-year during the first half of 2023 with so-called Ransomware-as-a-Service (RaaS) kits, where prices start from as little as $40, a key driver in the frequency of attacks. Gangs are also carrying out more attacks faster, with the average number of days taken to execute one falling from around 60 days in 2019 to four. Most ransomware attacks now involve the theft of personal or sensitive commercial data for the purpose of extortion, increasing the cost and complexity of incidents, as well as bringing greater potential for reputational damage. Our analysis of large cyber losses (€1 million+) in recent years shows that the number of cases in which data is exfiltrated is increasing – doubling from 40% in 2019 to almost 80% in 2022, with activity in 2023 tracking even higher.

Have you read?

Protecting an organization against intrusion therefore is a cat and mouse game, in which the cybercriminals have the advantage. Threat actors are now exploring ways to use artificial intelligence (AI) to automate and accelerate attacks, creating more effective malware and phishing. Combined with the explosion in connected mobile devices and 5G-enabled internet of things (IoT), the avenues for cyberattacks look only likely to increase in future.

Successful ransomware attacks targeting data are on the rise.
Successful ransomware attacks targeting data are on the rise. Image: Allianz

Our global team of risk engineers regularly monitors the cyber landscape, assisting companies with mitigating emerging risks. Future threats currently on our radar include:

1. The power of AI

Threat actors are already using AI-powered language models like ChatGPT to write code. Generative AI can help less proficient threat actors create new strains and variations of existing ransomware, potentially increasing the number of attacks they can execute. We expect an increased utilization of AI by malicious actors in the future, necessitating even stronger cybersecurity measures.

Voice simulation software has already become a powerful addition to the cybercriminal’s arsenal. There was the case of the CEO of a British energy provider transferring around $250,000 to a scammer after they received a call from what they thought was the head of the unit’s parent company, asking them to wire money to a supplier. The voice was generated using AI. Deepfake video technology designed and sold for phishing frauds can also now be found online, for prices as low as $20 per minute.

It is not all bad news though. We might see more AI-enabled incidents in the future, but investment in detection backed by AI should also help to catch more incidents earlier.

2. Mobile devices expose personal and corporate data

Lax security and the mixing of personal and corporate data on mobile devices, including smartphones, tablets and laptops, is an attractive combination for cybercriminals. During the pandemic, many organizations enabled new ways of accessing their corporate network via private devices, without the need for multi-factor authentication (MFA). This also resulted in a number of successful cyberattacks and large insurance claims.

Criminals are now targeting mobile devices with specific malware to gain remote access, steal login credentials, or to deploy ransomware. Personal devices tend to have less stringent security measures. Utilizing public wi-fi on such devices can increase their vulnerability, including exposure to phishing attacks via social media.

The rollout of 5G technology is also an area of potential concern if not managed appropriately, given it will power even more connected devices, including sophisticated applications – from driverless cars to smart cities. However, many IoT devices do not have a good record when it comes to cybersecurity, are easily discoverable, and will not have MFA mechanisms, which, together with the addition of AI, presents a serious cyberthreat. Even today, we see devices with default passwords that are available on the internet.

Most cyberattacks are the result of poor security letting in external threat actors.
Most cyberattacks are the result of poor security letting in external threat actors. Image: Allianz

3. Cybersecurity skills shortage

A growing shortage of professionals will increasingly complicate cybersecurity efforts. The current global cybersecurity workforce gap stands at more than 3 million people, with demand growing twice as fast as supply. Gartner predicts that a lack of talent or human failure will be responsible for over half of significant cyber incidents by 2025.

In short, because technology is moving so fast, there are not enough experienced people to keep pace with the threats. It’s very hard to get good cybersecurity engineers, which means companies are more exposed to cyber events. Without skilled personnel, it is more difficult to predict and prevent incidents, which could mean more losses in the future. The shortage of cybersecurity experts also impacts the cost of an incident. Organizations with a high level of security skills shortage had a $5.36 million average data breach cost, around 20% higher than the actual average cost, according to the IBM Cost of a Data Breach Report 2023.

The importance of early detection

Preventing a cyberattack is becoming harder, and the stakes are higher. As a result, early detection and response capabilities and tools are becoming ever more important. If you have an undetected loophole in your network, it is a potential Achilles heel. And if you do not have effective early detection tools, it can lead to longer unplanned downtime, increased costs and have a greater impact on customers, revenue, profitability, as well as your reputation.

The lion’s share of IT security budgets is currently spent on prevention with around 35% directed to detection and response. However, if undetected, an intrusion can quickly escalate, and once data is encrypted and/or stolen, the costs snowball – as much as 1,000 times higher than if an incident is not detected and contained early; the difference between a €20,000 loss turning into a €20m one.


How is the Forum tackling global cybersecurity challenges?

Looking forward, detection tools will be the next logical step for most companies to invest in. Ultimately, early detection and effective response capabilities will be key to mitigating the impact of cyberattacks, as well as ensuring a sustainable cyberinsurance market going forward.

Don't miss any update on this topic

Create a free account and access your personalized content collection with our latest publications and analyses.

Sign up for free

License and Republishing

World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.

The views expressed in this article are those of the author alone and not the World Economic Forum.

Related topics:
CybersecurityForum Institutional
World Economic Forum logo
Global Agenda

The Agenda Weekly

A weekly update of the most important issues driving the global agenda

Subscribe today

You can unsubscribe at any time using the link in our emails. For more details, review our privacy policy.

How the Internet of Things (IoT) became a dark web target – and what to do about it

Antoinette Hodes

May 17, 2024


About Us



Partners & Members

  • Join Us

Language Editions

Privacy Policy & Terms of Service

© 2024 World Economic Forum