Severity of ransomware attacks increases by 68 percent
A new report from insurance provider Coalition finds that that ransomware claims severity spiked by 68 percent in the first half of 2024 to an average loss of $353,000.
While high ransomware demands have come back into vogue, funds transfer fraud (FTF) has also seen a notable decrease in both frequency (two percent) and severity (15 percent).
"Although the frequency of using ransomware as an attack strategy actually decreased this
half, we saw a marked spike in the severity and demand amounts, especially those
associated with the Play and BlackSuit ransom variants," says Rob Jones, Coalition's head of
claims. "Despite the increase, we were able to cut ransom demands in half through
successful negotiations by our affiliate Coalition Incident Response, but the facts remain
clear: the use and impact of ransomware remains as volatile as ever."
Attacks on Change Healthcare and CDK Global occurred in the first half of 2024 resulting in widespread third-party business disruption to larger SMBs and mid-market companies. Nearly 23 percent of healthcare businesses with more than $100 million in revenue were impacted by the Change Healthcare attack, as were 11 percent of those organizations with between $25 million and $100 million in revenue. Separately, nearly 75 percent of auto dealers with more than $100 million in revenue were impacted by the CDK Global ransomware event.
"As third-party risk continues to grow and aggregation events become part of the business
lexicon, it’s equally important to spotlight how Coalition continues to take an active role in
risk mitigation for policyholders," adds Jones. "We engage policyholders upfront to
strategize ways to minimize business disruption, looking for alternative ways to help them
solve near-term cyber risk problems, accomplish their business goals, and minimize the
overall financial impacts of these cyber events through proactive response."
Among other findings overall claims severity increased by 14 percent to an average loss amount of $122,000, largely driven by the spike in ransomware severity. Threat actors have targeted larger businesses and reaped the benefits with increased paydays. Overall claims frequency though decreased by four percent.
Continuing a steady trend that spanned all of 2023, the frequency of business email compromise attacks events increased by four percent and accounted for nearly one-third of all cyber insurance claims. Due to threat actors trawling the internet for easy access, businesses using web-accessible applications are 3.1 times more likely to experience a claim.
You can get the full report from the Coalition site.
Image credit: 8vfand/Dreamstime.com