According to a new report published today by Marsh, the number of companies in the US and Canada experiencing a cyber extortion event hit record numbers in 2023, with unprecedented ransom demands.
Yet, as cyber criminals have grown bolder in their requests, an increasing number of companies refused to pay, according to the report, Ransomware: A persistent challenge in cyber insurance claims, which analyzed more than 1,800 cyber claims submitted to Marsh in the US and Canada in 2023.
Overall, 21% of Marsh’s clients reported a cyber event in 2023, a vast majority of which were privacy claims and system attacks leading to unauthorized access and potentially exposed data. This has remained fairly consistent over the last five years — between 16% and 21% — demonstrating in part that companies’ cyber controls have kept pace with the growing sophistication and frequency of cyberattacks, Marsh said.
In 2023, however, a record 282 extortion events were reported to Marsh, a 64% increase from 2022. Although representing only 17% of all cyber claims filed, ransomware remains a top concern for organizations given their increased frequency, sophistication, and potential severity, Marsh said. Indeed, the median ransom demand soared to $20 million in 2023 from $1.4 million, while the median payment made was $6.5 million, reflecting the effectiveness of extortion negotiations, Marsh notes in the report.
Only 23% of Marsh’s clients impacted by a cyber extortion event in 2023, paid the ransom. A majority — 77% — refused, reflecting a growing trend. In 2021, only 37% of Marsh’s clients rejected cyber criminals’ demands.
“With the ever-increasing threat of ransomware and its far-reaching impact on diverse industries, it is imperative for clients to adopt a proactive stance in safeguarding themselves,” said Meredith Schnur, Cyber Practice Leader at Marsh, US & Canada. “To enhance their cyber resilience, organizations should proactively fortify defenses, implement robust security measures, and consider cyber risk across the enterprise, including potential economic and operational impacts, as well as cybersecurity at vendors and third parties.”
Marsh is the world’s leading insurance broker and risk advisor. With more than 45,000 colleagues advising clients in over 130 countries, Marsh serves commercial and individual clients with data-driven risk solutions and advisory services. Marsh is a business of Marsh McLennan (NYSE: MMC), the world’s leading professional services firm in the areas of risk, strategy and people. With annual revenue of $23 billion, Marsh McLennan helps clients navigate an increasingly dynamic and complex environment through four market-leading businesses: Marsh, Guy Carpenter, Mercer and Oliver Wyman. For more information, visit marsh.com, and follow us on LinkedIn and X.