Ransomware attacks ease after peaks in early 2021 – report

Ransomware attacks ease after peaks in early 2021 – report | Insurance Business Canada

Ransomware attacks ease after peaks in early 2021 – report

In its latest report, Corvus Insurance pointed to signs of improvement in overall cybercrime activity at the near end of 2021.

The report involves insights from data scientists, underwriters, cybersecurity professionals and claims managers on what is happening and what is to come for the cyber risk landscape after the recent peaks in the early quarters of 2021.

According to Corvus, the rate of ransomware claims in Q4 2021 reached just half of the peak seen in Q1 2021 from 0.6% to 0.3%. Aside from the major cybercrime events of the Microsoft Exchange Server vulnerability and the Kaseya ransomware attack, the overall severity of claims diminished.

The professional services industry experienced the most significant increase in ransomware costs, with the average claim standing at nearly $400,000 by Q4 2021. On the other hand, healthcare had zero claims in that same period.

Corvus also revealed fewer ransoms are being paid than those demanded. Historically, the percentages were over 50%, but Q4 2021 remained steady in the low twenties. As recent as Q3 2020, that percentage stood at 44%.

This lower cost and severity is driven by underwriting entities requiring more robust security features in order to be granted insurance coverage. Corvus’s earlier Policyholder Cybersecurity Benchmarking Survey revealed that small and medium-sized businesses (SMB) made more cyber investments in Q4 2021 than ever to stop external threats. Still, only 8% of the smallest businesses and 18% of the largest businesses have a dedicated cybersecurity budget.

“We are in the midst of a critical and challenging time for security professionals,” said Phil Edmundson, founder and chief executive officer of Corvus Insurance. “As the security landscape shifts and threat actors continue to evolve their attacks, this report provides the data-driven analysis critical for organizations to navigate and prepare for adverse events in this new cyber age.”