Fewer ransomware claims, but significantly increasing in size

According to cyber insurance company Coalition, customers made fewer claims in the first half of 2024. However, the size of the claims increased significantly.

The average ransom demand in the first six months of 2024 was $ 1.3 million. Threat actors like Play and BlackSuit are known to ask higher ransom demands, in the ballpark of around $ 2.5 million and higher. The highest ransom payment demand in the first half of this year was $ 4.3 million.

The average loss for ransomware claims after negotiations amounted to $ 353,000, a spike of 68 percent compared to the same period last year. Researchers say threat actors “targeted larger businesses and reaped the benefits with increased paydays”.

The number of ransomware claims among businesses making between $ 25 million and $ 100 million in revenue steadily declined over the past 12 months. However, the cyber insurance company expects this number to go up in the coming months due to a surge in hacker activity.

“In general, ransomware has been fairly seasonal with consistent drop-offs in the summer months and spikes during winter holidays – a conscious attempt by threat actors to go unnoticed within a system at times when businesses are typically slower to react,” the report says.

Coalition uses the opportunity to promote its own services. According to the report, the insurance firm on average negotiated ransom demands down by 57 percent of the initial demand. About 40 percent of all Coalition policyholders decided to pay ransom after it became the victim of a cyberattack.

Business email compromise or BEC was the most filed claim during the first half of 2024, accounting for almost one third of all reported claims. BEC, ransomware and funds transfer fraud together accounted for nearly 75 percent of all claims during the first six months of the year.

According to Coalition, a total of 1.55 percent of all insured businesses were affected by ransomware, phishing mails or some other cyber incident. Overall, security incidents led to an average loss of $ 122,346, an increase of 14 percent compared to the second half of 2023, but about the same compared to the same period last year.

Coalition recommends businesses to use multi-factor authentication wherever they can and to make sure their software and firmware are up-to-date. This will help corporations and organizations to better protect themselves against cyberattacks, compromised credentials and known vulnerabilities.