Americas

  • United States

Asia

Oceania

mhill
UK Editor

US cyber insurance claims spike amid ransomware, funds transfer fraud, BEC attacks

News
Sep 20, 20233 mins
Insurance IndustryRisk Management

Cyber insurance claims frequency increased by 12% in the first half of 2023 while claims severity increased by 42% with an average loss amount of more than $115,000.

The frequency and severity of cyber insurance claims rose for businesses in the first half of 2023 amid ransomware, funds transfer fraud (FTF), and business email compromise (BEC) attacks. That's according to Coalition's 2023 Cyber Claims Report: Mid-year Update, which aggerates US claims and incident data. The insurance provider found that companies with over $100 million in revenue saw the largest increase (20%) in the number of claims as well as more substantial losses from attacks, with a 72% increase in claims severity compared to the second half of 2022.

The cyber insurance landscape is becoming progressively complex. As the frequency and severity of attacks increase, demand for and conditions relating to coverage have evolved. Policies are becoming more diverse, intricate, expensive, and harder to qualify for, presenting CISOs and their organizations with new challenges and considerations for optimal cyber insurance investment.

Last month, research from cybersecurity company Delinea revealed that the time and effort required to obtain cyber insurance is increasing significantly for US organizations, with the number of companies requiring six months or more rising year over year. The research highlighted a significant gap between insurance carriers and businesses that are scrambling to get affordable, comprehensive coverage, while many organizations are continuing to invest in cybersecurity solutions to meet requirements for cyber insurance policies.

Ransomware, FTF, BEC impact claims frequency, severity

Overall claims frequency increased by 12% in the first half of 2023, while claims severity increased by 42% with an average loss amount of more than $115,000, according to Coalition's report. FTF (31%), BEC (26%), and ransomware (19%) attacks were key drivers.

Ransomware claims frequency increased by 27% in 1H 2023, with the largest contributor to this spike a significant increase in frequency during May, Coalition said. Ransomware claims severity reached a record-high with an average loss amount of more than $365,000, a 61% increase within six months and a 117% increase within one year, according to the report. Ransom demands increased, too, with the average demand in 1H 2023 $1.62 million, a 47% increase over the previous six months and a 74% increase over the past year. Interestingly, 36% of Coalition policyholders opted to pay a ransom in the first half of this year.

FTF claims frequency increased by 15% in 1H 2023, while severity increased by 39% to an average loss of more than $297,000, Coalition said. The report cited the growing sophistication of threat actors and their tactics as a contributing factor in the upward trend in FTF claims activity. "The longer a threat actor remains in an email account after compromise, the more difficult it becomes to recognize and report abnormal activity - and they appear more willing to wait for the right moment to intercept or redirect large payments."

In contrast to ransomware and FTF, BEC claims frequency decreased by 15% in 1H 2023, while severity decreased by 7% to an average loss of $21,000, the lowest amount in recent years, according to Coalition.

mhill
UK Editor

Michael Hill is the UK editor of CSO Online. He has spent the past five-plus years covering various aspects of the cybersecurity industry, with particular interest in the ever-evolving role of the human-related elements of information security. A keen storyteller with a passion for the publishing process, he enjoys working creatively to produce media that has the biggest possible impact on the audience.

More from this author