Cyber Claims, Ransomware Attacks Reach Record Levels

Marsh reports record number of cyber claims in 2023, with ransomware demands soaring despite more companies refusing to pay.
June 12, 2024

In 2023, cyber claims overall, and cyber extortion events in particular, reached record levels for companies in the U.S. and Canada, according to an analysis of cyber claims by Marsh. However, despite cybercriminals making unprecedented ransom demands, an increasing number of companies are refusing to pay the ransoms, Marsh found.

In 2023, Marsh clients in the United States and Canada reported a record-breaking 1,800 cyber claims, surpassing all previous years. Marsh attributed the surge to several factors, including the growing sophistication of cyberattacks, supply chain vulnerabilities highlighted by the MOVEit event, an increase in privacy claims, and a larger number of clients opting for cyber insurance coverage.

While ransomware incidents accounted for less than 20% of total cyber claims, they remain a primary concern for both insurers and insured parties due to their potentially severe financial impact, reputational damage, loss of market share, prolonged litigation, and regulatory scrutiny, the report noted.

Despite the evolving threat landscape, the percentage of clients reporting at least one cyber event has remained relatively stable over the past five years, ranging between 16% and 21%, according to Marsh. This consistency demonstrates that companies’ cyber controls have generally kept pace with the increasing sophistication and frequency of attacks, the broker said.

Although cyber events can affect organizations across all sectors, certain industries have been targeted more frequently. In 2023, the top five industries among Marsh clients affected by cyber events were healthcare, communications, retail/wholesale, financial institutions, and education.

Ransomware Events and Extortion Payments

In 2023, the number of clients reporting cyber extortion events reached an all-time high of 282, a significant increase from 172 in 2022 and surpassing the previous peak of 267 in 2021.

This increase in ransomware attacks was accompanied by unprecedented ransom demands, with the median ransom demand soaring to $20 million in 2023 from $1.4 million in 2022, as cybercriminals grew bolder in their demands. Similarly, the median extortion payment skyrocketed to $6.5 million in 2023 from $335,000 in 2022, Marsh found.

Interestingly, organizations had more success responding to and recovering from cyber extortion events in 2022 compared to 2023. The decision to pay a ransom is highly nuanced and situation-specific, with factors such as potential privacy liability, business interruption losses, and the sensitivity of exfiltrated data influencing the outcome, according to Marsh.

Despite the increasing severity of ransomware attacks, the percentage of companies paying ransom demands continues to decline, indicating a growing resilience and preparedness among organizations in the face of these threats. In 2023, 77% of companies declined to pay the ransom, up from 70% in 2022 and 37% in 2021.

Cybersecurity Strategies and Claims Management

As cyber risks continue to evolve, companies must remain vigilant in their efforts to protect their assets and reputation.

“With the ever-increasing threat of ransomware and its far-reaching impact on diverse industries, it is imperative for clients to adopt a proactive stance in safeguarding themselves,” said Meredith Schnur, cyber practice leader at Marsh, US & Canada. “To enhance their cyber resilience, organizations should proactively fortify defenses, implement robust security measures, and consider cyber risk across the enterprise, including potential economic and operational impacts, as well as cybersecurity at vendors and third parties.”

When a cyber claim does arise, the use of an insurer’s pre-approved panel of vendors can significantly improve the claims management process. According to Marsh, clients using their insurer’s pre-approved vendors can reduce the average time from event notification to receiving confirmation of coverage or first payment from more than 12 months when using non-panel vendors to just over 2 months when using a panel. This streamlined approach can help companies recover more quickly from a cyber incident and minimize the overall impact on their business.

View the full report on Marsh’s website.

The R&I Editorial Team can be reached at [email protected].
