Cyber claims increased 12% in the first half of 2023 thanks in large part to a 27% increase in ransomware claim frequency, according to Coalition’s latest Cyber Claims Report.
Ransomware accounted for 19% of all reported claims during the first six months of the year. Funds transfer fraud (FTF) accounted for 31% of all cyber claims, and business email compromise (BEC) accounted for 26% of all claims.
“The cyber threat landscape has become more volatile, and, as a result, we’ve seen claims become more severe and more common than ever,” Chris Hendricks, head of Coalition Incident Response, said in a statement.
In addition to the jump in frequency, ransomware claims severity reached a record-high with an average loss amount exceeding $365,000 – a 61% increase within six months and a 117% increase within one year.
Ransom demands in the first half averaged $1.62 million, a 47% increase over the previous six months and a 74% increase over the past year. Coalition noted that 36% of policyholders paid a ransom in the first half, though the insurer negotiated the amount down to an average of 44% of the initial demand on behalf of clients.
The most prominent ransomware variants of the first half were BlackCat (12% of all reported variants), Royal (12%), and LockBit 3.0 (11%). LockBit 3.0 shot into third place after accounting for just 3% of all ransomware variants in the previous six-month period. Royal remained steady and BlackCat decreased slightly from 15%.
FTF claims frequency increased 15% in the first half, according to the report. FTF initial severity – which is calculated prior to recovery activities – increased by 39% to an average loss of more than $297,000. This was still well short of the historic high of $410,000 recorded in the first six months of 2021.
BEC claims frequency decreased by 15%, while severity dropped by 7% to an average loss of $21,000.
“Many of the [cyber] claims we received this year could have been prevented with stronger security controls and better cyber risk management decisions,” Coalition wrote in the report. About 14% of Coalition policyholders received at least one security alert regarding a critical vulnerability in the first half, and 47% of them successfully resolved the issue within 30 days of notification.
The firm recommended organizations implement multi-factor authentication on all critical accounts, maintain credible offline backups of critical business data, establish a formal procedure for electronic payments, patch all software and firmware regularly, and deprecate legacy and risky technologies.