Ransomware accounted for a quarter of all cyber insurance claims in Europe between 2016 and 2020
Almost a quarter of all cyber insurance claims filed between 2016 and 2020 across continental Europe have been related to ransomware attacks, according to insurance giant Marsh.
The numbers are even higher when 2020 is analyzed alone, with almost a third (32%) of all cyber insurance claims filed last year being related to a ransomware incident, the company said in "The Changing Face of Cyber Claims 2021," a report that reviewed the Marsh cyber insurance business from the past half-decade.
With the market estimated to reach $20 billion by 2025, Marsh's data shows how much of a big factor ransomware attacks play in the cyber insurance business.
It is often the fear of ransomware attacks that drives new customers to insurance firms, but ransomware attacks are also the primary factors that account for most costs on the insurer's side.
These rising costs are usually caused by the victimized companies that choose to defer IT upgrade costs and lean on their insurance coverage to deal with a cyber attack's aftermath.
A report published by cyber insurer Coalition this June found that ransomware victims have been consistently choosing to pay ransom demands and cover costs through their insurance plans.
This, in turn, has had an effect on the market. A GAO report from May this year found that cyber insurance premium coverage plans have increased in recent years, with US government officials pinning the majority of the blame on ransomware incidents.
These costs are also about to get higher. Speaking in a video conference last month, AIG CEO Peter Zaffino also cited ransomware attacks as one of the primary reasons their company was planning to increase cyber insurance premiums by 40% across North America.
A month earlier, in July, Evan Greenberg, CEO of insurance firm Chubb, said that cyber insurance rates were failing to cover the costs generated by cyber-attacks, hinting at even more price hikes.
But the Marsh, Coalition, AIG, and Chubb reports are not surprising. In an interview with The Record earlier this year, a spokesperson for the REvil gang said the group was intentionally targeting companies that have cyber insurance, knowing they would have a greater chance of getting paid.
This is one of the tastiest morsels. Especially to hack the insurers first—to get their customer base and work in a targeted way from there. And after you go through the list, then hit the insurer themselves.UNKN, spokesperson for the REvil ransomware gang
In response to these developments, insurers have banded together through industry groups like CyberAcuView and APCIA to strategize around the threat of ransomware and the spiraling costs associated with these intrusions.
What effect these meetings will have remains to be seen, but one thing is certain, and that's that cyber insurance premiums will rise, and ransomware has a big chunk of the blame.
Catalin Cimpanu is a cybersecurity reporter for The Record. He previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.