The 2024 Cyber Claims Report: Mid-Year Update published by cyber insurance and security service firm Coalition revealed that ransomware attacks dropped a bit in H1 of 2024, but ransomware attack severity increased.
Coalition reviewed claims made on cyber insurance plans from January 1, 2024 to June 30, 2024. Claims by companies with under $25 million in income dropped by 4% with average losses of $73,000 per case. However, claim amounts went up for all other companies. Claims by companies with $25 million to $100 million in revenue went up by 23%, with average losses of $129,000 per case. Claims by businesses with $100 million and up in revenue increased by 140% with average losses of $307,000 per case. Although overall claims severity in H1 of 2024 increased by 14%, mostly due to greater ransomware attack severity, Coalition found the lowest number of claims since H2 of 2022.
There was a small decrease in ransomware-linked claims in H1 of 2024 with a 68% increase in the severity of attacks. Ransomware attacks were one of the most costly cyberattacks, having average losses of $353,000 per case, higher than the average losses of $239,000 in the second half of 2023 but lower than H1 of 2023’s average loss of $402,000. About 40% of insurance policyholders who experienced a ransomware attack opted to give ransom payments in H1. When the Coalition bargained with ransomware groups, the initial demand was lower by an average of 57%. The two ransomware groups that required the largest ransom payments were Play (average of $4.3 million) and Blacksuit ($2.5 million). The two groups were very active in H1, overtaking LockBit, which had to deal with a law enforcement campaign and seizure of its infrastructure.
The ransomware attacks at Change Healthcare and CDK Global caused major disruption in H1. The ransomware attack on Change Healthcare impacted 11% of healthcare companies having revenues from $25 million to $100 million in revenue, and 24% of companies having revenues over $100 million. The ransomware attack on data and technology provider CDK Global impacted the automotive industry particularly 75% of auto dealers having over $100 million in revenue.
The coalition stated ransomware activity in H1 of 2024 followed a steady pattern like preceding years. Ransomware groups normally execute more attacks in winter compared to summer, particularly during the holidays like Thanksgiving and Christmas because of less staffing and fewer chances of identifying their attacks before they realize their goals. Although ransomware attacks on healthcare companies with $100 million and up in revenues decreased by 32% in H1, attacks increased by 134% since H1 of 2023.
The top three reasons for filing claims against cyber insurance plans were ransomware attacks, which is 18% of claims; fund transfer fraud (FTF), which is 27% of claims; and business email compromise (BEC) attacks, which is 32% of claims. The regularity of BEC-related claims went up by 4%, which the Coalition says is partly because of using AI tools. Although the number of BEC-associated claims increased, the severity of the attacks diminished by 30%, having an average loss of $26,000. The most common reason for claims (62%) was data breaches due to non-encryption of systems.
Coalition determined a number of factors that elevated the odds of a claim. The greatest risk was compromised logins for websites or apps, which made claims thrice more likely. Companies that utilized Cisco Adaptive Security Appliances (ASA) were 5.1 times more likely to file a claim compared to other companies, suggesting that malicious actors are intentionally targeting vulnerabilities in ASA systems. FortioOS SSL VPN users were 2.8 times more likely to file a claim, and companies with SonicWall firewalls were 1.8 times more likely to file a claim. These numbers emphasize the importance of keeping firmware updated, implementing multifactor authentication, and HIPAA compliance. Other high-risk technologies that elevated the possibilities of a claim include Remote Desktop Protocol (1.7x), Microsoft Remote Procedure Call (2.3x), EOL Microsoft Internet Information Services (2.4x), and Remote Desktop Web Access (2.7x).
Image credits: zephyr_p, AdobeStock
