Ransomware: A persistent challenge in cyber insurance claims

New York, NY (July 1, 2024) – Understanding cyber claims trends helps to inform an effective risk management strategy for one of the signature risks in today’s tech-driven society. Analysis of the 1,800+ cyber claims submitted to Marsh in the US and Canada in 2023 reveals the following:

  • 21% of clients that purchased a cyber policy reported an event in 2023, consistent with the percentage over the past five years.
  • In 2023, events were driven by factors including increased sophistication of cyberattacks; the MOVEit event, highlighting supply chain vulnerabilities; and privacy claims.
  • Healthcare, communications, retail/wholesale, financial institutions, and education remain in the top five of most affected industry sectors.
  • Ransomware represented less than 20% of claims reported, but remained a top concern for organizations given their increased frequency, sophistication, and potential severity.
  • In managing claims, it’s important to follow proper procedures, including notifying insurers, brokers, and other stakeholders and maintaining proper documentation.
  • Organizations’ cyber resilience strategy should incorporate a view of cyber risk across the enterprise, including its potential economic and operational impact and taking account of cybersecurity at vendors and other third parties.

With cyber risk firmly embedded as a key concern for organizations of all sizes, effective risk transfer is an increasingly important piece of a successful cyber risk management strategy. In turn, it’s important for companies to both understand and properly manage their potential cyber claims in support of risk transfer.

In 2023, Marsh clients in the US and Canada reported more than 1,800 cyber claims, more than in any previous year. These include claims under cyber, tech and telecom errors and omissions (E&O), and media coverage.

The increase was driven in part by the growing sophistication of cyberattacks; the MOVEit event, which highlighted supply chain vulnerabilities; privacy claims; and the increasing number of Marsh clients purchasing cyber insurance. As it has for several years now, ransomware — though accounting for less than 20% of the total cyber claims — remains a top concern for insurers and insureds alike due to its potentially significant financial impact, reputational harm, loss of market share, long-tail nature of litigation, regulatory scrutiny, and more.

Percentage of clients reporting cyber events holds steady 

The annual percentage of clients reporting at least one cyber event has remained fairly consistent over the past five years, between 16% and 21%. The consistency shows, in part, that companies’ cyber controls have kept pace with the growing sophistication and frequency of cyberattacks.

Cyber events can happen to any organization, but specific industries have been targeted more often than others over time. The top five industries among Marsh clients to be affected by cyber events has remained consistent; in 2023 they were healthcare, communications, retail/wholesale, financial institutions, and education.

Although the average cost has increased for breach response expenses — consisting of privacy counsel, computer forensics, and, if necessary, notifications — the median cost has remained relatively constant. During the last five quarters, the median cost of breach response expenses remained around $160,000, while the average has trended upwards, from $963,000 in the third quarter of 2023 to $1 million in the fourth quarter, primarily due to a few large cyber events.

Ransomware events remain a top focus

Ransomware attacks remain central to most cyber risk discussions as they continue to increase in frequency, sophistication, and severity and remain the dominant cyber threat to many organizations’ daily operations, long-term finances, reputation, and more.

Along with ransomware claims, overall cyber claims reporting also increased in 2023. Since rising rapidly in 2020, the number of reported ransomware events has remained under 20% of total reported cyber claims from Marsh clients for the past two years (see Figure 4). This means that privacy claims and system attacks leading to unauthorized access and potentially exposed data without an extortion component comprise a much larger share of cyber events reported by Marsh clients than do those with an extortion component.

Read more

Read the full report with charts and figures.

About Marsh

Marsh is the world’s leading insurance broker and risk adviser. With more than 45,000 colleagues operating in 130 countries, Marsh serves commercial and individual clients with data-driven risk solutions and advisory services. Marsh is a business of Marsh & McLennan Companies (NYSE: MMC), the leading global professional services firm in the areas of risk, strategy and people. With annual revenue over US$20 billion, Marsh McLennan helps clients navigate an increasingly dynamic and complex environment through four market-leading businesses: Marsh, Guy Carpenter, Mercer, and Oliver Wyman. For more information, visit MMC.com.


Tags: , ,