Cyber insurance coverage claims in North America reached document ranges in 2023, in keeping with insurance coverage dealer Marsh.
The agency obtained over 1800 cyber declare experiences from shoppers within the US and Canada, greater than another yr. It mentioned this improve was pushed by a variety of things:
- The rising sophistication of cyber-attacks
- The size of the MOVEit file switch provide chain incident
- Privateness claims
- An growing variety of organizations buying cyber insurance coverage
Round a fifth (21%) of shoppers reported a minimum of one cyber occasion in 2023, a small improve on 2022 (18%). The proportion of coated corporations reporting at a number of cyber occasions has remained comparatively constant over the previous 5 years, staying between 16% and 21%.
The healthcare business has constantly submitted the very best variety of cyber insurance coverage claims from 2020-2023, Marsh discovered.
Healthcare made up 17% of all claims final yr, adopted by communications (16%), schooling (9%), retail/wholesale (8%) and monetary establishments (8%).
Cyber Extortion Hits File Ranges
The report confirmed that 282 shoppers reported a minimum of one cyber extortion occasion, together with ransomware, in 2023. This was a big rise in comparison with 2022 when 172 corporations reported such occasions, which was decrease than the earlier two years.
One potential issue behind the resurgence in cyber extortion occasions is the rising shift in direction of information exfiltration away from encryption by attackers, and the emergence of a brand new ransomware-as-a-service (RaaS) mannequin.
Median extortion funds additionally surged in 2023 in comparison with 2022, rising from $335,000 to $6.5m. Median extortion calls for by risk actors elevated from $1.4m to $20m in the identical interval.
Marsh famous that extortion negotiations are efficient in lowering the ultimate ransom paid. Nevertheless, the proportion of the median demand paid elevated from 24% in 2022 to 32% in 2023.
Encouragingly although, the proportion of corporations that paid a ransom demand fell to 23% in 2023, down from 30% in 2022. This continued a longer-term pattern, with the proportion of victims that paid calls for far increased in 2020 and 2021 (68% and 63%, respectively).
Marsh emphasised that the proportion of cyber extortion claims has remained underneath 20% of complete reported cyber claims, with privateness claims and system assaults resulting in unauthorized entry and probably uncovered information with out an extortion element comprising a a lot bigger share.