New research indicates that ransomware attack and payment claims are in decline as resiliency takes priority for organizations. Credit: Bubaone / Simon2579 / Getty Images New data highlighting fluctuations relating to ransomware attack and payment claims indicates significant shifts in the cyberthreat landscape. Could such variations trigger changes in the cyber insurance market and, if so, how will they impact insurance carriers and organizations?Shifting ransomware priorities impacting claim costsThe findings come from Corvus Insurance’s Risk Insights Index, which analyzes cyber risk mitigation and claims data, with the commercial insurance firm’s data suggesting that the costs associated with ransomware claims are notably shifting. It discovered that while there was a rise in ransomware claims from Q2 2020 through Q1 2021, they dropped by 50% in Q2 2021, a trend that largely sustained through Q3 2021. Furthermore, ransomware claims resulting in a ransom payment shrank from 44% in Q3 2020 to just 12% by Q3 2021.The firm surmised that the changes were due to improved focus on preparedness and resiliency by policyholders, with strategies such as effective data backup management allowing for better and more efficient ransomware recovery. The research also suggested that technology vendors with larger customers have more incentive to prevent and recover from a ransomware attack due to the potential legal ramifications of an outage. For example, a company with 250 or more employees is 216% more likely to sue their tech vendor than a company with 10 or fewer employees, and twice as likely as a company with 11-50 employees, the data showed.Will changing ransomware trends affect cyber insurance?The findings indicate clear changes in ransomware claim trends, but how could they impact the cyber insurance market moving forward? Might the price of policies alter to reflect the drop in ransomware attack and ransom claims? Likewise, will companies be rewarded with better deals if they put greater focus on ransomware prevention and recovery? “The overall business continuity strategies associated with these trends will likely be viewed favorably by the cyber insurance market,” says Lori Bailey, chief insurance officer at Corvus Insurance. “Not only does it show that companies are taking proactive measures to mitigate this risk, but it also indicates an overall general trend towards greater cyber resiliency as part of the risk management process which should reduce loss costs in the future,” she tells CSO.Trent Cooksley, COO at SMB cyber insurance provider Cowbell Cyber, says that cyber insurance is a market in transition, and the cyber risk assessments conducted by insurers are increasingly thorough and innovative to help build better, more flexible, and tailored coverage for policyholders based on their cyber risk posture. “Tighter partnerships between insurance and cybersecurity vendors to incentivize businesses to deploy the most important security controls, not only to obtain insurance coverage, but to also keep organizations secure, is certainly paying off and should continue to reap rewards in the year ahead across the insurance market,” he says. AI-based continuous risk assessment and risk aggregation techniques are starting to pay off, either by limiting the scope of damages, preventing incidents in the first place, or supporting refined risk selection, Cooksley adds. “The next 12 months will continue to usher in a wave of transformation.”However, BreachQuest CTO Jake Williams urges consideration of other factors that may be behind some of the data noted by the research. “Given the law enforcement actions against REvil, it’s not surprising that ransomware claims have dropped off in Q2 and into Q3. The statistic that ransomware claims involving payment dropping in Q3 is undoubtedly correct, though there may be some misattribution of the cause,” he tells CSO.Williams cites advice from the Office of Foreign Assets Control on the risks associated with paying ransoms as one example. “Stakeholders are increasingly asking whether they have potential liability by paying. This undoubtedly is modifying the decision calculus. While better preparation may account for some changes, there are other factors likely at play.” Related content news UK businesses face tightening cybersecurity budgets as incidents spike More than a quarter of UK organisations think their cybersecurity budget is inadequate to protect them from growing threats. By Michael Hill Oct 03, 2023 3 mins CSO and CISO CSO and CISO C-Suite news Cybersecurity experts raise concerns over EU Cyber Resilience Act’s vulnerability disclosure requirements Open letter claims current provisions will create new threats that undermine the security of digital products and individuals. By Michael Hill Oct 03, 2023 4 mins Regulation Compliance Vulnerabilities opinion Cybersecurity professional job-satisfaction realities for National Cybersecurity Awareness Month Half of all cybersecurity pros are considering a job change, and 30% might leave the profession entirely. CISOs and other C-level execs should reflect on this for National Cybersecurity Awareness Month. By Jon Oltsik Oct 03, 2023 4 mins CSO and CISO Careers feature The value of threat intelligence — and challenges CISOs face in using it effectively Knowing the who, what, when, and how of bad actors and their methods is a boon to security, but experts say many teams are not always using such intel to their best advantage. By Mary K. Pratt Oct 03, 2023 10 mins CSO and CISO Advanced Persistent Threats Threat and Vulnerability Management Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe