In its newly released 2022 Cyber Claims Report, Coalition has revealed that fewer claims were made in the first half of this year as the frequency and severity of ransomware attacks plummeted – but that doesn’t mean organisations are safe.
Ransomware demands fell from US$1.37 million in H2 2021 to US$896,000 in H1 2022. Manufacturing and industrial businesses related to the supply chain remain the most targeted victims, while non-profit policyholders note a shocking 57% increase in claims frequency.
Chris Hendricks, head of incident response at Coalition, said this good news comes as “organisations [become] increasingly aware of the threat ransomware poses.” In fact, Coalition policyholders experienced 50% fewer claims compared to the broader market. The severity of these claims has also waned, with almost half of the incidents resolved at no cost.
“They have started to implement controls such as offline data backups that allow them to refuse to pay the ransom and restore operations through other means,” Hendricks said.
However, the lower effectivity rate of ransomware attacks has caused hackers to turn to more “reliable” phishing methods like funds transfer fraud (FTF) to target individual employees. The percentage of claims with phishing as the primary attack vendor jumped from 42% in H2 2021 to 58% in H1 2022.
Small- to medium-sized organisations under $25 million in revenue are asked to be more vigilant since they have fewer resources to respond to attacks. H1 2022 saw the average cost of a claim for a small business increase 58% to US$139,000.
“Across industries, we continue to see high-profile attacks targeting organisations with weak or exposed infrastructure — which has become exacerbated by today’s remote working culture and companies’ dependence on third-party vendors,” Catherine Lyle, head of claims at Coalition, said. “Small businesses are especially vulnerable because they often lack resources. For these businesses, avoiding downtime and disruption is essential, and they must understand that active insurance is accessible.”
With ransomware gangs on the rise, Coalition warned that cyber incidents have the power to put small organisations out of business, which is why they need an active approach to managing risk.
“Our claims data on the top cyber incident trends reinforces the need for continued vigilance from organisations of all sizes,” Coalition wrote in the report. “Cyber criminals have created a profitable revenue model that is here to stay.”