Ransomware Insurance Claims Rise

Ransomware represented the number one cause of loss in a study of almost 6,000 cyber insurance claims, with the average ransom rising to $247,000 and the average incident cost up to $352,000 in 2020.

NetDiligence’s 11th annual cyber claims study evaluated 5,797 claims arising from incidents between 2016 and 2020. Across the five years of claims data, ransomware accounted for 32% of all incidents affecting small to medium enterprises (SMEs). Hacking incidents were a distant second at 10%, and business email compromise followed at 9%.

The study revealed that ransomware events accounted for 79% of claims with a business interruption (BI) expense, with an average BI cost of $446,000 in 2020 and $316,000 over the five-year period. Ransomware events also caused 81% of claims involving recovery expense losses, according to the data.

Professional services firms were found to have the highest frequency of loss over the last five years, followed by manufacturing, health care, technology, retail and financial services. The top five sectors account for 70% of claims and 74% of total incident costs. Professional services firms also contributed 32% ($229 million) of overall incident costs, well above health care at 11%.

Claims costs range from less than $1,000 to over $120 million. Nearly all claims (99%) came from SMEs, for a total of $537 million in losses, and the losses associated with the 1% of claims striking large businesses reached $727 million.

The averages include “some very expensive claims,” the authors of the report noted. For SMEs, six claims in the sample reached over $5 million, with one costing over $100 million. For larger companies, 10 claims featured costs between $15 million and $100 million. NetDiligence said it found no link between business size and the magnitude of a cyber loss, with the largest event affecting an SME.

“With ransomware again the number one cause of loss, we will be watching closely to see whether cyber policyholders, especially SMEs, deploy sufficient cybersecurity safeguards to reduce their ransomware exposure and qualify for ransomware coverage. If not, the challenge will be how we, as an industry, can help them get there,” said Mark Greisiger, NetDiligence president, in a statement.

As ransomware insurance claims rise, businesses must start taking these threats seriously.

Addressing Ransomware-as-a-Service Cyberthreat Concerns

The best way to minimize the growing RaaS threat to your organization is to make ransomware prevention and response measures a top priority. Remember that ransomware attacks are commonly deployed via phishing emails, deceptive links, dangerous websites, harmful attachments and malicious programs. With this in mind, here are some best practices for combatting ransomware attacks:

  • Secure your systems—First, it’s important to take steps to protect your organizational IT infrastructure from potential ransomware exposures. This may entail:
    • Using a virtual private network (VPN) for all internet-based activities (e.g., browsing and sending emails)
    • Installing antivirus software on all workplace technology
    • Implementing a firewall to block cybercriminals from accessing your organization’s VPN
    • Restricting employees’ access to websites that aren’t secure
    • Establishing email filters to keep phishing messages from reaching employees’ inboxes
    • Encrypting sensitive data on all organizational devices and routinely backing up this information
    • Limiting which employees receive administrative privileges to prevent inexperienced staff from mistakenly downloading a malicious program
    • Regularly updating all organizational devices and security programs to ensure effectiveness
    • Developing a cyber incident response plan that adequately considers ransomware scenarios and practicing this plan with staff
  • Educate your employees—Next, be sure to train your employees on how to prevent and respond to a ransomware attack. Give your staff these tips:
    • Avoid opening or responding to emails from individuals or organizations you don’t know. If an email claims to be from a trusted source, be sure to verify the sender’s identity by double-checking the address.
    • Never click on suspicious links or pop-ups—whether they’re in an email or on a website. Similarly, avoid downloading attachments or software programs from unknown sources or locations.
    • Only browse safe and secure websites on organizational devices. Refrain from using workplace devices for personal browsing.
    • If you suspect a ransomware attack, contact your manager or the IT department immediately for further guidance.

We are here to help.

If you’d like additional information and resources, we’re here to help you analyze your needs and make the right coverage decisions to protect your operations from unnecessary risk. You can download a free copy of our eBook, or, if you’re ready to make Cyber Liability Insurance a part of your insurance portfolio, Request a Proposal or download and get started on our Cyber & Data Breach Insurance Application, and we’ll get to work for you.