In its newly released 2022 Cyber Claims Report, Coalition has indicated that fewer claims were made in the first half of this year as the regularity and severity of ransomware attacks fell – but that doesn’t mean institutions are safe.
Ransomware demands fell from US$1.37 million in H2 2021 to US$896,000 in H1 2022. Manufacturing and industrial businesses pertained to the supply chain remain the most targeted victims, while non-profit policyholders note a shocking 57% increase in claims regularity.
Chris Hendricks, head of incident response at Coalition, said this good news comes as “organizations [become] increasingly aware of the threat ransomware poses.” Coalition policyholders experienced 50% fewer claims compared to the broader market. The severity of these lawsuits has also waned, with almost half of the occurrences resolved at no cost.
“They have started to enforce controls such as offline data backups that allow them to refuse to pay the ransom and restore undertakings through other means,” Hendricks said.
However, the lower beneficial rate of ransomware attacks has caused hackers to turn to more “reliable” phishing methods like funds transfer fraud (FTF) to target individual employees. The proportion of claims with phishing as the primary attack vendor jumped from 42% in H2 2021 to 58% in H1 2022.
Small- to medium-sized institutions under $25 million in revenue are asked to be more attentive since they have fewer resources to respond to attacks. H1 2022 saw the average cost of a claim for a small business increase 58% to US$139,000.
“Across industries, we proceed to see high-profile attacks targeting organizations with weak or exposed infrastructure — which has become worsened by today’s remote working culture and companies’ dependence on third-party vendors,” Catherine Lyle, head of claims at Coalition, said. “Small industries are especially vulnerable because they often lack resources. For these businesses, avoiding downtime and disruption is crucial, and they must understand that active insurance is accessible.”
With ransomware gangs on the rise, Coalition warned that cyber occurrences have the power to put small organizations out of business, which is why they need an active strategy to manage risk.
“Our claims data on the top cyber incident trends reinforce the need for continued vigilance from organizations of all sizes,” Coalition wrote in the announcement. “Cyber criminals have created a profitable revenue model that is here to stay.”