lock

Cyber insurance claims spiked in first half of 2023 as ransomware attacks surged: report

A cyber insurance firm reported a significant jump in the number of claims during the first half of the year, adding that damages caused by attacks has also increased.

An analysis from San Francisco-based Coalition found that ransomware was the “largest driver of the increase in claims frequency,” which was up 12% on last year through the end of June. Overall, ransomware was involved in nearly 1 in 5 cyber incidents involving insurance claims, with Royal, BlackCat and LockBit 3.0 the three most common variants.

May was a particularly busy month, involving “the most ransomware claims in a single month in Coalition history.”

Screen Shot 2023-09-21 at 1.39.58 PM.png
Image: Coalition

“After trending downward for 18 months, ransomware appeared to have fallen out of favor among threat actors,” the report’s authors wrote. “However, recent spikes in both the frequency and severity of ransomware claims indicate threat actors are unwilling to pass up on such highly lucrative attacks.”

Ransomware victims reported an average loss of more than $365,000, a huge jump from the previous record amount of more than $227,000 in the second half of last year.

While it’s typically impossible to know how much companies end up paying ransomware groups, Coalition’s data does help to get a sense of the amount and frequency of payments. The average ransom demand was $1.62 million — up 74% over the past year. According to the report, 36% of Coalition’s policyholders facing an attack did pay ransoms “when reasonable and necessary,” which through negotiations were lowered on average to 44% of the original amount demanded by the attackers.

Large companies with more than $100 million in revenues bore the brunt of the ransomware spree, seeing a 20% rise in the frequency of overall cyber incidents. That corresponded with a rise in claims severity of more than 70%, to $236,779.

Screen Shot 2023-09-21 at 1.40.20 PM.png
Image: Coalition

Funds transfer fraud

Also highlighted in Coalition’s cyber insurance claims data was the prevalence of funds transfer fraud (FTF) — when cybercriminals redirect an online money transfer towards their own coffers. Overall, transfer fraud claims were up 15% in the first half of the year, with severity increasing 39% to an average loss of just under $300,000. That amount is still less than the record of $410,000 in the first half of 2021.

“The growing sophistication of threat actors and their tactics is a contributing factor in the upward trend in FTF claims severity,” they wrote. “The longer a threat actor remains in an email account after compromise, the more difficult it becomes to recognize and report abnormal activity — and they appear more willing to wait for the right moment to intercept or redirect large payments.”

One of the lone bright spots thus far is the decrease in claims related to business email compromise (BEC). Their frequency dropped 15% and their severity 7%, to an average loss of $21,000.

As cyberattacks have grown in frequency and cost for targeted organizations, the cyber insurance industry has expanded dramatically. The insurance group Howden recently predicted the cyber insurance market would expand to $50 billion by 2030. That market has been volatile in recent years, with premiums skyrocketing, but 2023 has seen cyber premiums remain largely stable.

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
What is Threat Intelligence
No previous article
No new articles
James Reddick

James Reddick

has worked as a journalist around the world, including in Lebanon and in Cambodia, where he was Deputy Managing Editor of The Phnom Penh Post. He is also a radio and podcast producer for outlets like Snap Judgment.