Skip to main content
close search
site logo
Dive Brief

Ransomware insurance claims jump back up

Published May 10, 2023
Alexei Alexis's headshot
Reporter
Hooded person types on computer in a dark room with multiple monitors and cables everywhere.
gorodenkoff via Getty Images

First published on

CFO Dive

Dive Brief:

  • The number of ransomware claims filed by U.S. clients of insurance broker Marsh spiked 77% in the first quarter of the year compared with the prior three-month period, the company told CFO Dive.

  • Marsh saw 55 ransomware claims from U.S. clients in the first quarter of the year versus 31 claims in the fourth quarter. The figures, which are expected to be published in an upcoming report, follow a downward trend in 2022 that had been credited with helping to moderate skyrocketing premiums in the cyber insurance market.

  • “I do think that we can still continue to see a deceleration of rate increases for those companies that have an optimal cyber risk maturity profile and have not suffered significant events that have caused the carriers to make claim payments,” Meredith Schnur, Marsh’s U.S. and Canada cyber brokerage leader, said in an interview.

Dive Insight:

Resilience, a San Francisco-based cyber insurance provider, has seen a similar uptick in ransomware claims, according to Amanda Bevilacqua, the company’s director of security engagement and claims.

One possible explanation for the resurgence is that ransomware purveyors based in Russia are now recalibrating after being temporarily preoccupied with the country’s war against Ukraine, which has involved the use of cyberattacks, Bevilacqua told CFO Dive.

“Money speaks louder than politics,” she said. “The theory is that those operators have run out of money, and they’re back now looking to fund their operations.”

With ransomware attacks, criminals use malicious software to prevent companies from accessing their own computer files, systems or networks, and they demand the payment of a ransom to have such access restored. Such attacks can also involve a threat to leak sensitive data to the public internet.

The first three months of 2023 saw a resurgence of ransomware activity, as major groups associated with it, including LockBit and Clop, executed mass attacks and new players joined the field, according to a recent report from Black Kite, a Boston-headquartered cybersecurity firm.

The number of victims publicized by ransomware gangs increased from 163 in January to 410 in March, the report said.

“While there were some signs of ransomware decreasing last year due to increased pressure from law enforcement and several ransomware groups shutting down, the last few months serve as a stark reminder that we are far from being in the clear,” Black Kite Chief Security Officer Bob Maley said in a press release. “As more ransomware groups exploit vulnerabilities in third-party vendors, businesses will be blindsided unless they continuously monitor their extended ecosystem for susceptibility indicators and the earliest warning signs of risk.”

Companies that have publicly disclosed ransomware attacks during the first few months of 2023 include KFC and Taco Bell parent company Yum! Brands, satellite cable provider Dish Network, hamburger chain Five Guys and produce giant Dole Foods.

The prevalence and severity of the ransomware problem has helped to make cybersecurity much more of a C-suite level issue within organizations in recent years, John Pearce, a cyber risk advisory services principal at Grant Thornton, a Chicago-based accounting firm, previously told CFO Dive.

Governments are paying close attention too. As part of a project known as the International Counter Ransomware Initiative, the U.S. and other nations have discussed the idea of banning ransomware payments.

In March, the White House released a report that identified ransomware as a national security threat.

According to Black Kite’s report, ransomware attacks experienced a period of “relative stagnation” throughout 2022 as international sanctions stemming from Russia’s invasion of Ukraine hindered the movement of ransom-related funds. In addition, increased pressure from law enforcement and successful joint operations against ransomware groups in 2021 and 2022 led to heightened caution among cybercriminals, the report said.

Last year also saw a deceleration of rising cyber insurance premiums, as fewer ransomware claims were filed. According to a Marsh report last month, premiums continued to moderate during the first quarter of 2023, with prices rising by 11% on average, compared with 28% during the fourth quarter.

Schnur said companies hoping for further stabilization of the cyber insurance market have reasons to remain optimistic, despite the recent resurgence of ransomware claims. She cited healthy competition in the sector resulting from new entrants as one example.

“I still think we’ll continue to see what I’ll call a stabilizing market,” she said.

Recommended Reading

Filed Under: Strategy, Threats

Editors' picks

Company Announcements

View all | Post a press release
Nile Adds Industry’s First Campus Zero Trust Delivered As a Service
From Nile
November 21, 2024
TrustNet Named 2024’s Best Compliance Advisory and Audit Firm at CDM’s Annual Top InfoSec Inno…
From TrustNet
November 06, 2024
Fathom5’s ARIA Technology Joins NSIN Propel Maritime Digital Defense Accelerator
From Fathom5
November 18, 2024
Editors' picks
Latest in Strategy
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell