Coalition, an active insurance provider aimed at preventing digital risks before they occur, has released its 2024 Cyber Claims Report: Mid-Year Update, which highlights new trends in cyber threats and their effects on Coalition policyholders in the first half of 2024.
One key finding from the report was a 68% increase in the severity of ransomware claims, with the average loss rising to $353,000.
“Although the frequency of using ransomware as an attack strategy actually decreased this half, we saw a marked spike in the severity and demand amounts, especially those associated with the Play and BlackSuit ransom variants,” added Rob Jones, Coalition’s Head of Claims.
“Despite the increase, we were able to cut ransom demands in half through successful negotiations by our affiliate Coalition Incident Response, but the facts remain clear: the use and impact of ransomware remains as volatile as ever.”
Ransomware demands made a strong comeback, while funds transfer fraud (FTF) experienced a slight drop, with frequency falling by 2% and severity by 15%. Despite the decrease, Coalition managed to recover $10.8 million in fraudulent payments for its policyholders.
The Mid-Year Update also pointed to a sharp rise in significant cyber risk aggregation events during the first half of 2024.
Attacks on Change Healthcare and CDK Global caused widespread disruptions for larger SMBs and mid-sized companies. The Change Healthcare breach impacted nearly 23% of healthcare firms with over $100 million in revenue, and 11% of those generating between $25 million and $100 million.
Separately, around 75% of auto dealerships with more than $100 million in revenue were affected by the CDK Global ransomware attack.
“As third-party risk continues to grow and aggregation events become part of the business lexicon, it’s equally important to spotlight how Coalition continues to take an active role in risk mitigation for policyholders,” further added Jones.
“We engage policyholders upfront to strategise ways to minimise business disruption, looking for alternative ways to help them solve near-term cyber risk problems, accomplish their business goals, and minimise the overall financial impacts of these cyber events through proactive response.”
The report highlighted several important trends. Claims severity rose by 14%, bringing the average loss to $122,000, largely due to a significant increase in ransomware impact. Cybercriminals focused on larger companies, resulting in higher payouts. At the same time, claims frequency dropped by 4%.
Business email compromise (BEC) remained the most frequent type of cyber incident, continuing a trend seen throughout 2023. The frequency of BEC attacks increased by 4%, accounting for nearly one-third of all cyber insurance claims.
Additionally, businesses relying on web-accessible applications were 3.1 times more likely to face a claim, as attackers actively searched online for easy entry points.
