Cyber insurance ransomware claims decline but costs remain high

Research from commercial insurance provider Corvus reveals that the cost of ransomware to businesses remains high.

Ransomware claims that resulted in payments to fraudsters are down though, mostly due to improved backup processes and greater preparedness. In the third quarter of 2020, 44 percent of ransomware claims involved a successful payment, but that decreased to just 12 percent by Q3 of this year.

Ransomware attacks remain expensive, however, as the average cost of an attack for 2021 remains steady at $142,000.

For technology vendors, a cyberattack linked to their products or services can result in major costs from defending lawsuits brought by customers who suffered outages or lost data as a result of the incident -- and this is on top of any first-party remediation and recovery efforts. A company with 250 or more employees is 216 percent more likely to sue their tech vendor than a company with 10 or fewer employees, and twice as likely as a company with 11-50 employees.

"Over the past few years, the cybersecurity landscape has completely erupted with sophisticated forms of cyber attacks, creating many challenges for today's security professionals," says Phil Edmundson, founder and CEO of Corvus Insurance. "This report provides the analysis needed to empower organizations to continue enhancing their offerings and keep our world safe from destructive threat actors."

Among other findings Corvus observed a 65 percent reduction in the rate of ransomware claims among new policyholders following the implementation of a mandatory check for accessible RDP prior to providing insurance.

The company also notes a 158 percent increase in the usage of email security software across the technology industry, contributing to the reduction of incidents caused by threats like phishing.

The full report is available from the Corvus site.

Image Credit: FuzzBones/Shutterstock