Cyber Incident? Get Help

Coalition’s 2022 Cyber Claims Report: ransomware & FTF on the rise

2022 Claims Report Header

Today’s digital economy has driven massive change in business, especially during the pandemic. These same forces have amplified, accelerated, and complicated digital risks for organizations of all sizes. As the world's first Active Insurance company, Coalition has unique, first-hand insight into the increasing pace, severity, and evolution of cyber attacks. Now we’re sharing these latest findings in our 2022 Cyber Claims Report.

This new report reveals and explores the incidents that led to claims from Coalition policyholders over the second half of 2021. We also look at how Coalition’s customers fared through such events, backed by our active protection and response capabilities. Back by this data, we also examine current trends and offer predictions for cyber risk in 2022. As a brief overview of this report, there are a few key results that stand out:

Five key takeaways from the 2022 report

1. Average ransom demand increased over 20% to $1.8 million during the later half of 2021. This rise was driven and made more complex by the emergence of several aggressive new ransomware variants, including LockBit 2.0, REvil, and Conti. Although the average ransom demand increased, the average payout Coalition made for ransomware claims decreased 16%, thanks to our active response capabilities and our team’s efforts to help policyholders negotiate ransoms and recover data backups.

2021 Claims Severity chart

2. Small businesses were disproportionately impacted. In 2021, cyber criminals targeted an increasing number of smaller organizations. Overall claims severity rose 56% for small organizations under $25 million in revenue. We also saw a dramatic rise in claims frequency, with a 40% jump in ransomware attacks and 54% increase in funds transfer fraud attacks. Small organizations were also increasingly susceptible to the surge in attacks to supply chains and digital infrastructure — including Microsoft Exchange and Log4j.

3. Funds transfer fraud (FTF) skyrocketed 78% over 2020. Using social engineering techniques such as business email compromise (BEC), threat actors can gain access to an organization’s email system, stealthily modifying contacts and payment instructions. The first half of 2021 saw a huge surge in initial losses — to an average of $388,000 — before adjusting for funds recovered by Coalition’s incident response teams. Although the average initial loss decreased by 11% to $347,000 in the second half of 2021, the year still ended with a 78% increase in initial losses compared to 2020.

2021 FTF Recovery graph

4. Many incidents came via 3rd-party vendors’ attacks. 2021 was a year of aggregate digital risks. While traditional firewall and VPN solutions used to provide businesses with moat-like protection, today’s common remote-work/hybrid culture and companies’ dependence on partners (like IT service providers, online software, or other cloud-based services) has created an additional layer of cyber risk. As cyber criminals successfully attack a vendor's digital perimeter, they can victimize a large number of connected organizations at once. Several high-profile attacks against vendors included: Mimecast, Kaseya, and Microsoft Exchange.

5. Coalition’s Active Insurance approach protected policyholders. As the world’s first Active Insurance company, Coalition combines the power of technology and insurance to help organizations identify, mitigate, and respond to digital risks. In the first half of 2021, our policyholders experienced 70% fewer claims than the industry average, and we expect to soon show similar results for the entirety of 2021 once industry data becomes available. We even solved 46% of all reported incidents at no cost to our policyholder. Furthermore, Coalition policyholders continue to experience less than one-third the frequency of claims as the broader cyber insurance market.

Active Insurance reduces incidents before they become claims

By providing expert support before, during, and after cyber incidents, Coalition’s Active Insurance keeps policyholders safer — reducing their exposure to new cyber incidents and responding quickly to resolve issues when they do occur. Our unique methodology includes:

  • Active Risk Assessment: With an accurate profile of near-real-time risk, we can more accurately price coverage, speed up the quoting process and identify potential issues that most traditional insurers and many insurtechs never see.

  • Active Protection: With an accurate profile of your digital systems and ongoing scans, we’re able to alert customers when new vulnerabilities to your software are discovered and work with your IT owner to get them resolved quickly.

  • Active Response: When potential incidents occur, our Incident Response and Claims teams can be granted fast access to our digital records to help you solve the issue and get back up and running faster than ever.

Predictions for the future of cyber risk

Informed by our continuous scanning and analysis of digital threats, Coalition’s 2022 Cyber Claims Report also offers unique insights into what potential risks are likely to be prevalent throughout 2022. From the hardening of the cyber insurance market, to increased government scrutiny regarding cybersecurity, to the evolution of supply chain attacks and other novel threats, this latest iteration of the report will again prove to be an invaluable tool for insurance brokers and insured organizations.

Download the full 2022 Cyber Claims Report now to see all the details, including how specific industries were affected and to learn ways you can help reduce exposure to cyber threats. If you are a broker currently appointed with Coalition (or you’re a Coalition policyholder), you can access the full report from the Resources section of your Coalition Control dashboard.