UK companies filed more cyber insurance claims last year than any other bar 2023, with ransomware breaches largely to blame, according to Marsh.
The global insurance broker’s 2024 UK cyber insurance claims trends report is based on an analysis of claims submitted by Marsh UK clients.
It found that claims last year decreased 20% compared to 2023, but were still around one-third higher than in 2020, 2021 and 2022.
Marsh said claims may have been unusually high in 2023 due to the impact of the MOVEit campaign. A larger number of insurers are also demanding prospective clients improve their security posture before offering coverage, which is helping to make them more secure, it added.
Read more on cyber insurance: Cyber-Insurance Market to Be Worth Over $90bn by 2033
In 2024, claims increased in the: communications, media, and technology; retail and wholesale; power and utilities; and financial institutions sectors.
“While financial institutions and professional services consistently notify a higher number of incidents, it is important to note that these sectors also hold a high proportion of cyber-insurance policies,” the report noted.
“They continue to be targets due to the wealth of data they hold and are also highly vulnerable to outages due to the complex third-party supply chains they have.”
Marsh revealed the biggest driver of claims remains ransomware – especially opportunistic attacks designed to gain access to sensitive data and exfiltrate it as quickly as possible.
Ransomware-related claims last year were double that of 2020, 2021 and 2022, the report claimed.
Ransom demands are increasing as victim numbers decrease, but threat actors are meeting a more professional response these days, the report continued.
“As threat actors experienced fewer paydays, they aimed to maximise the profitability of successful attacks,” it said.
“However, extortion negotiations involving ransomware experts remained generally effective, often resulting in reductions of over 60% from the initial demands to the final payment.”
Firms Refuse to Pay
Overall, fewer organizations are electing to pay their extortionists, for several reasons.
“Many no longer felt compelled to pay a ransom, as they had secure backups that eliminated the need for a decryption key. Sometimes, their cybersecurity measures detected the threat actor in the act, preventing encryption, therefore allowing for quicker recovery,” the report explained.
“The reputational consequences of suffering a ransomware attack are also increasingly perceived as less severe than in the past, given their prevalence. As a result, organizations were less concerned about being publicly identified as ransomware victims and so did not succumb to the pressure to pay solely to prevent ‘naming and shaming’ or dissemination of the information on the dark web.”
Perhaps in desperation, some ransomware groups are threatening executives and their families with physical violence if they don’t pay up, Marsh warned.
“Threat actors accessed home addresses and phone numbers due to the breach, causing genuine fear and anxiety for the individuals and their families,” it said.
No tags.
