US cyber insurance claims have risen by 12% in the first half of 2023, driven by a surge in ransomware and funds transfer fraud (FTF), according to Coalition, Inc. and reported by CSO Online. The severity of claims has also increased by 42%, with an average loss amount of over $115,000. Ransomware-related claims have seen a frequency increase of 27%, with May recording the highest number of ransomware claims in Coalition’s history. Furthermore, the severity of ransomware-related claims reached a record high in the first half of 2023, exceeding $365,000. Within the six-month period, ransomware claims severity increased by 61%, skyrocketing to over 115% year-on-year.
These statistics indicate an alarming trend of increased vulnerability to cyber attacks. Ransomware, FTF, and business email compromise (BEC) attacks are identified as the leading causes of cyber insurance claims. Companies, particularly those with revenues over $100 million, are becoming more susceptible to such attacks.
The surge in cyber-attack activities is likely to result in rising insurance costs as insurance companies respond to the increased frequency and severity of cyber attacks. This could also lead to the implementation of more complex policies, further driving up costs for businesses.
The dynamics of attacks are changing, with ransomware and FTF incidents rising while BEC attacks see a decline in frequency and severity. This indicates that cyber attackers are refining their techniques for ransomware and FTF, while defensive measures against BEC attacks may be improving.
Businesses are recognizing the importance of cybersecurity investments not only to protect their digital assets but also to qualify for cyber insurance policies. The close relationship between cybersecurity preparedness and insurance policy compliance suggests that companies understand the need for robust security measures.
Interestingly, 36% of Coalition policyholders have opted to pay the ransom. This decision may be driven by the acknowledgment that the costs associated with not paying could be greater than the ransom amount or due to the absence of proper backups and systems to restore operations without payment.
The shift in strategy by threat actors, who are becoming more patient and tactical in their attacks, poses additional challenges for companies in terms of detection and mitigation.
To navigate this evolving threat landscape, businesses are advised to continue investing in cybersecurity measures, segment their networks to prevent lateral movement, provide regular training to employees on cyber threats, ensure robust backup and recovery solutions are in place, and periodically re-evaluate their insurance policies to ensure comprehensive coverage at the best rates available.
In conclusion, businesses must adapt and strengthen their cybersecurity measures to mitigate the risks posed by the evolving cyber threat landscape. Staying informed about the changing dynamics of cyber insurance is also crucial for businesses to effectively manage their insurance needs.