Cyber insurer says ransomware attacks drove a spike in claim sizes
A report published Thursday by cyber insurance provider Coalition found that although its customers made fewer claims in the first half of 2024 than the same period a year earlier, the size of those claims increased 14% — to an average loss of $122,000.
The jump in losses was “driven by a spike in ransomware severity,” the company said, adding that threat actors “targeted larger businesses and reaped the benefits with increased paydays.”
The average loss for ransomware claims was $353,000 — a 68% spike compared to the same period during the previous year, Coalition said.
The report isn’t all bad news, however. Ransomware claims among businesses with between $25 million and $100 million in revenue steadily declined over the past 12 months, for example, though Coalition expects that number to tick back up during the winter months that often see a surge in hacker activity. Additionally, ransomware gangs are showing a willingness to negotiate ransoms down significantly — often to less than half of their original ask.
The average ransom demand in the first half of 2024 was $1.3 million, but certain groups like Play and BlackSuit are known for higher average ransom demands — often above $2.5 million.
About 40% of all Coalition policyholders paid ransoms after a ransomware attack.
Although ransomware had especially pricey claims, the report noted that business email compromise was still the leading brand of cyber event that companies filed claims on, accounting for almost a third of all reported claims in the first half of 2024.
BEC, ransomware and funds transfer fraud together accounted for nearly 75% of all reported claims in the first half of 2024.
Other reports show that ransomware gangs earned at least $400 million in the first half of 2024 from ransom payments.
Jonathan Greig
is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.