Ransomware, on the other hand, saw a decline to 16%, from 23% of incidents in the preceding quarter, Kroll noted, possibly because of the law enforcement takedowns of ransomware-as-a-service organizations such as LockBit and BlackCat.

Insider threats mostly malicious

Insider threats, the report said, are hitting professional services hardest, accounting for 23% of incidents, with financial services (14%) and technology and telecom (11%) following. But, it observed, incidents involving technology and telecom were most likely to be insider threats.

“With most technology providers working with multiple downstream customers, an insider with access to multiple technology providers may have the ability to cascade malicious activity to clients, posing the risk of a supply chain attack,” it said. And virtually all insider threat incidents – 90% of them, in fact – were deemed to be intentional, and thus malicious. Kroll said, “This highlights the importance of insider threat not being overlooked as a threat incident type by companies.”