Ransomware activity was a dominant source of cyber insurance claims in 2023, and, halfway through 2024 that, at least on the surface, appears to show no signs of abating.
Take, for example, the Change Healthcare cyberattack in February, which saw America’s biggest operator of health payment processing hit by a massive breach.
The incident was dubbed “the biggest security attack on the American healthcare system,” and its costs have been estimated to reach US$1 billion or more.
Another significant event is the hacking campaign against cloud data and analytics firm Snowflake, the scope of which remains unclear.
Meanwhile, earlier this month, Snowflake said it would wrap up its investigation into the breach, which victimized as many as 165 of its customers, including Ticketmaster and Santander Bank.
And just last week, a major retail software provider for auto dealers was hit by a cyber outage, according to a Reuters report. The outage affected dealerships across the US and Canada, including a portion of BMW Group dealers.
Still, while there have been notable attacks in 2024, Meredith Schnur (pictured), cyber practice leader at Marsh, said the overall trend points towards a more sporadic pattern rather than a steady increase or decrease in cyber incidents with Q1 data looking similar to 2023 and a potential reduction in activity this year. “2024 [cyber incidents] might be more sporadic, as opposed to a gradual uptick or stability,” Schnur said. But she also cautioned that the situation could change rapidly. “A lot of breaches and ransomware events can still happen,” she added.
Marsh’s latest cyber report shows that cyber insurance claims in North America hit record levels in 2023. The broker said it received 1,800 cyber claims from clients in the US and Canada, more than any other year.
The rise was driven by the growing sophistication of cyberattacks, the scale of the MOVEit file transfer data breach, privacy claims, and a rising number of organizations purchasing cyber insurance.
The report also revealed that ransomware continues to be a top concern for insurers and insureds alike despite accounting for less than 20% of total claims.
Despite the increase in ransomware claims last year, organizations saw a deceleration in insurance rates, according to Schnur. This reflects a “maturing market” where insurers are better understanding and pricing risks.
This shift indicates a more nuanced approach to underwriting, with insurers asking deeper questions to understand the threats better and price the risk more accurately.
Organizations’ resilience journeys are also playing a key part in the market’s evolution. According to Schnur, organizations are now better prepared to handle incidents than they were a few years ago. “They are much more exercised, practiced, and more resilient,” the cyber practice leader said.
Increased resilience not only helps organizations mitigate the impact of cyber incidents but has also influenced how insurers assess and price their policies.
Marsh’s report also revealed that cyber extortion events in North America reached a record high last year, with unprecedented ransom demands. The firm said it received 282 extortion event notifications in 2023, a 64% increase from 2022.
Of note, only a quarter (23%) of Marsh’s clients hit by a cyber extortion event paid a ransom while the majority (77%) refused. That’s compared to 37% of Marsh clients rejecting cyber criminals’ demands in 2021.
But Schnur warned that the profitability of cyber extortion would remain a significant driver of this scheme. “It is extremely lucrative and profitable to extort company systems and make that easy money,” said Schnur. “Until that opportunity goes away, we’ll continue to see cyber extortion attacks on organizations all over the world.”
Another significant trend is the rise of supply chain attacks, such as in the MOVEit and Snowflake events, where a single event can impact multiple parties. This correlated risk is becoming more common, leading to an increase in the number of affected companies from a single breach. “One event and one infiltration or ransomware event to one company give way to multiple parties being affected. This leads to the increase in the numbers as well,” said Schnur.
Amid the persistent threats, Schnur pointed to a silver lining: the noticeable shift in how organizations are managing their cybersecurity and building resilience. She underscored the importance of having robust mitigation strategies in place, even if prevention isn’t always possible.
“You have sprinklers because it doesn’t prevent the fire. But when the fire happens, you hope that it mitigates it,” she said.
Do you have something to say about cyber insurance trends? Please share your comments below.