Ransomware Drives 12% Uptick in H1 Cyber Claims: Coalition

Source: Advisen | Published on September 22, 2023

Christie's ransomware

Cyber claims increased 12% in the first half of 2023 thanks in large part to a 27% increase in ransomware claim frequency, according to Coalition’s latest Cyber Claims Report.

Ransomware accounted for 19% of all reported claims during the first six months of the year. Funds transfer fraud (FTF) accounted for 31% of all cyber claims, and business email compromise (BEC) accounted for 26% of all claims.

“The cyber threat landscape has become more volatile, and, as a result, we’ve seen claims become more severe and more common than ever,” Chris Hendricks, head of Coalition Incident Response, said in a statement.

In addition to the jump in frequency, ransomware claims severity reached a record-high with an average loss amount exceeding $365,000 – a 61% increase within six months and a 117% increase within one year.

Ransom demands in the first half averaged $1.62 million, a 47% increase over the previous six months and a 74% increase over the past year. Coalition noted that 36% of policyholders paid a ransom in the first half, though the insurer negotiated the amount down to an average of 44% of the initial demand on behalf of clients.

The most prominent ransomware variants of the first half were BlackCat (12% of all reported variants), Royal (12%), and LockBit 3.0 (11%). LockBit 3.0 shot into third place after accounting for just 3% of all ransomware variants in the previous six-month period. Royal remained steady and BlackCat decreased slightly from 15%.

FTF claims frequency increased 15% in the first half, according to the report. FTF initial severity – which is calculated prior to recovery activities – increased by 39% to an average loss of more than $297,000. This was still well short of the historic high of $410,000 recorded in the first six months of 2021.

BEC claims frequency decreased by 15%, while severity dropped by 7% to an average loss of $21,000.

“Many of the [cyber] claims we received this year could have been prevented with stronger security controls and better cyber risk management decisions,” Coalition wrote in the report. About 14% of Coalition policyholders received at least one security alert regarding a critical vulnerability in the first half, and 47% of them successfully resolved the issue within 30 days of notification.

The firm recommended organizations implement multi-factor authentication on all critical accounts, maintain credible offline backups of critical business data, establish a formal procedure for electronic payments, patch all software and firmware regularly, and deprecate legacy and risky technologies.