NetworkTigers discusses the rise in ransomware-related claims highlighted by an analysis of cyber insurance claims.
Cybercrime trends come and go, but one costly and dangerous hack has gained prevalence over the first half of 2023. Across multiple industries, ransomware-related claims have increased as companies report being pressured into paying millions of dollars to hackers and cybercriminals who have gained access to sensitive material.
Understanding ransomware-related claims
Ransomware is a kind of malware that can find its way onto your system through a variety of methods, including phishing, smishing, vishing, the download of poisoned files, Remote Desktop Protocol (RDP), leaked or abused credentials, or backdoors discovered through software vulnerabilities. Ransomware, once downloaded, usually works to prevent the user from accessing specific files, holding them hostage through remote encryption until a payment is made to decrypt them.
Ransomware can work in many different ways. In some, hackers gain access to internal systems or even external functions, such as a company’s website, and shut down access to data until money is transferred. In others, ransomware scam artists infiltrate third-party vendors to steal personal, private, or financial data and threaten to leak or publish the information online unless a ransom is paid within a specific time window. For this reason, ensuring that everyone who gains access to operating systems, even maintenance technicians, IT repair or installation professionals, and third-party vendors, maintains adequate cybersecurity protocols is essential to avoiding ransomware hacks and leaks.
Ransomware-related claims trends in 2023
Ransomware has come back into vogue for cybercriminals over the first half of 2023, with industries and companies as diverse as shipping, casinos, hospitals, schools, and more reporting record losses. A recent analysis of cyber insurance claims from Coalition revealed that ransomware claims have grown in frequency and severity over as short a period as Q1 of 2023. From the end of 2022 through the first half of 2023, ransomware-related cybersecurity insurance claims saw a 27% rise. The severity of the claims reported paints an even bleaker picture. Ransomware claims severity increased 61% from the previous half year and a whopping 117% from 2022 to the survey period in 2023.
The average ransom demand reported was $1.62 million, a 74% increase from 2022 to 2023 and a nearly 50% increase over six months.
Placing ransomware spikes in context
The significant spike in ransomware claims is part of a larger trend toward more frequent and damaging cybercriminal activity. The same analysis of cyber insurance industry trends reflected a 12% rise in claims from losses due to cybercriminal activity during just the first six months of 2023. The vast majority of this rise in claims is linked to increased ransomware and additional funds transfer fraud (FTF) on the rise.
Who is reporting the biggest losses due to cybercrime?
According to the analysis, the frequency of reported claims and the amount lost or stolen rose for businesses across all revenue bands. This means that cybercriminals may not discriminate as much based on business size and revenue share for whom they target. All fish in the pond may be fair game when facing increased ransomware attacks, phishing, and fraud transfer fund efforts.
However, companies with over $100 million in reported revenue saw a more significant 20% increase in cybercriminal claims and a 72% increase in claims severity from 2022 to 2023.
Previous spikes in ransomware activity
These results dovetail with other reports from cybersecurity analysts who predict ransomware, and more will continue to rise in the near future. A Cybersecurity Ventures study estimates that the global cost of cybercrime is predicted to shatter an $8 trillion ceiling in 2023. Importantly, ransomware attacks are expected to make up an enormous portion of that financial loss. In 2021, US financial institutions alone lost nearly $1.2 billion in ransomware and associated costs with ransomware attacks. To place this number in context, this represented close to a 200% increase from the previous year. Ransomware and other extortion tactics have continued to grow exponentially when it comes to cybercriminal efforts.
Update your ransomware defense strategy
Ransomware attacks can happen to anyone, although larger businesses and industries have reported the biggest losses in the first half of 2023. Taking steps like enabling multi-factor authentication, endpoint encryption, and following up on industry-specific vulnerabilities and previous breaches can help businesses of all sizes and scopes protect themselves more effectively from ever-increasing ransomware efforts.
