In 2023, cyber-insurance claims surged to record levels, with over 1,800 claims reported from the US and Canada, according to insurance broker Marsh. This increase is attributed to the growing sophistication of cyberattacks, heightened privacy concerns, and a rise in organizations purchasing cyber insurance. Notably, the MOVEit file transfer supply chain breach significantly contributed to the uptick in claims.
Among the various sectors, healthcare experienced the highest number of claims at 17%, followed by communications at 16%, education at 9%, retail/wholesale at 8%, and financial institutions at 8%. The number of clients reporting cyber-extortion events rose sharply in 2023, with 282 incidents compared to 172 in 2022. This surge reflects a broader trend of increasing extortion activities.
Extortion payments also saw a dramatic increase, with median payments rising from $335,000 in 2022 to around $6.5 million in 2023. Additionally, extortion demands escalated significantly, growing from $1.4 million to $20 million during the same period. This rise in both payments and demands underscores the escalating threat landscape.
Despite these challenges, Marsh noted that negotiating extortion payments has become more effective in reducing final ransom amounts. The percentage of companies paying ransoms decreased to 23% in 2023 from 30% in 2022, indicating some improvement in managing and mitigating the impact of cyber extortion.
Reference: