Average ransomware demands up 36% last year to $1.4m: Coalition

Email attacks account for half of cyber claims in 2023

Cyber insurer Coalition saw claims frequency among its policyholders rise 13% last year, with more than half of all losses emanating from emails, overtaking ransomware as the biggest weak point. Average losses from a cyber claim totalled $100,000 in 2023, up 10%, and average ransomware demands rose 36% to $1.4m.

The firm’s 2024 Cyber Claims Report is based on data from its US, UK, Canadian and Australian clients. It finds that more than half (56%) of all 2023 claims were a result of funds transfer fraud (FTF) or business email compromise (BEC). Coalition says email security is a critical aspect of cyber risk management.

“Threat actors want to get paid, and the email inbox has proven to be an easy place for an attacker to uncover payment information and potentially intervene in payment processes to steal funds,” says Robert Jones, Coalition’s head of global claims.

Coalition says cyber claims increased across insurance buyers of all sizes, although businesses with between $25m and $100m in revenue saw the sharpest spike in 2023, up 32%. FTF claims saw the largest spike, up 15% to account for 28% of total claims, and also booked the largest average losses at $278,000. BEC claims also accounted for 28% of Coalition total cyber claims in 2023 after a 5% rise.

Ransomware claims accounted for 19% of all Coalition cyber claims in 2023, with the number of claims up 15%. Average losses from a ransomware event stood at $263,000, up 28%.

Coalition records average ransom demands up 36% to almost $1.4m, with 40% of its clients opting to pay. But the company said it helped clients negotiate ransom demands down by an average 64%.

“Following historic lows in 2022, ransomware severity spiked in H1 2023 to more than $369,000. However, as ransomware payments hit $1bn globally, Coalition’s ransomware severity dropped 54% in the latter half of the year to an average of nearly $170,000,” the company said.

Coalition recovered $38m from fraudulent transfers for its clients last year.

It also reveals an increased risk of cyberattack for organisations using firewalls, virtual private networks and other boundary devices used to reduce cyber risk. Coalition says its data shows an increased likelihood of a cyber claim for clients using some boundary devices with known vulnerabilities. In particular, clients using internet-exposed Cisco ASA devices were nearly five times more likely to experience a claim in 2023, while businesses using Fortinet devices were twice as likely to report a claim.

“Policyholders using internet-exposed remote desktop protocol were 2.5 times more likely to experience a claim,” said Shelley Ma, incident response lead at Coalition Incident Response. Coalition identified a 59% increase in unique IP addresses scanning for open remote desktop protocol last year.

“With new AI tools making it even easier to execute targeted cyberattack campaigns and identify exploitable assets, having an active partner that can help protect your organisation from digital risk is crucial,” Ma said.

Back to top button