In 2023, the number of cyber-insurance claims hit a record high, with insurance broker Marsh receiving over 1,800 claims from the US and Canada. According to Marsh, this surge in claims can be attributed to various factors, including the increasing sophistication of cyberattacks, privacy claims, a rising number of organizations investing in cyber insurance, and the fallout from the MOVEit file transfer supply chain breach.
Among the sectors hit hardest by cyber incidents, healthcare emerged as the most affected, accounting for 17% of all claims. Following closely behind were communications (16%), education (9%), and retail/wholesale (8%). Financial institutions also felt the impact, representing 8% of the claims. This widespread impact demonstrates the pervasive nature of cyber threats across various industries.
In a concerning trend, Marsh noted that 282 clients reported at least one cyber-extortion event in 2023, a significant increase from the previous year when only 172 clients reported such incidents. The median extortion payment also saw a drastic increase, jumping from $335,000 in 2022 to approximately $6.5 million in 2023. Moreover, extortion demands from threat actors surged from $1.4 million to $20 million during the same period, highlighting the escalating threats faced by organizations.
Despite the alarming rise in cyber incidents, Marsh highlighted a glimmer of hope in the form of effective negotiation strategies for extortion payments. The data revealed that companies that engaged in negotiations were able to reduce their final ransom payments. This proactive approach led to a decrease in the percentage of companies paying ransoms, dropping from 30% in 2022 to 23% in 2023. This shift signifies a growing awareness among organizations about the importance of adopting strategic measures to combat cyber threats.
Overall, Marsh’s findings underscore the worsening cyber landscape characterized by the relentless activities of threat actors. However, the data also points towards the effectiveness of mitigation strategies such as negotiation in mitigating the impact of cyber incidents. As organizations continue to navigate the evolving cyber threat landscape, proactive risk management and resilience-building measures will be crucial in safeguarding against cyber risks and ensuring operational continuity.