In 2023, cyber insurance claims in North America surged to unprecedented levels, as reported by insurance broker Marsh. The firm received a staggering 1800 cyber claim reports from clients across the United States and Canada, marking a substantial increase from previous years. This surge was attributed to several factors, including the escalating sophistication of cyber-attacks, the widespread impact of the MOVEit file transfer supply chain incident, rising privacy claims, and the growing number of organizations opting for cyber insurance coverage.
Interestingly, approximately one-fifth of Marsh’s clients reported experiencing at least one cyber event in 2023, representing a slight uptick from the preceding year. Despite this increase, the proportion of covered companies reporting cyber events has remained relatively consistent over the past five years, fluctuating between 16% and 21%. Notably, the healthcare sector consistently recorded the highest number of cyber insurance claims over the period from 2020 to 2023, followed by communications, education, retail/wholesale, and financial institutions.
Furthermore, Marsh’s report revealed a significant rise in cyber extortion events, including ransomware attacks, with 282 clients reporting such incidents in 2023 compared to 172 in the previous year. This surge in cyber extortion events may be attributed to a shift towards data exfiltration by attackers and the emergence of new ransomware-as-a-service models. Despite the surge in median extortion payments from $335,000 to $6.5 million, the percentage of companies paying ransom demands decreased from 30% in 2022 to 23% in 2023, indicating a positive trend in mitigating ransomware attacks.
