The cost of a cyber claim for small business owners increased by 58% in H1 2022, compared to the same period the year before.
That statistic comes in insurance provider Coalition’s twelve-page 2022 Cyber Claims Report: Mid-Year Update, which says that the average cost of such a claim has now reached $139,000.
However, the firm says that it and the broader insurance industry have seen a decrease in ransomware attack frequency and the amount of ransom demanded between the second half of 2021 and the first half of 2022. It also said that ransomware demands decreased from $1.37m in H2 2021 to $896,000 in H1 2022. Of the incidents that resulted in a payment, Coalition said it negotiated down to roughly 20% of the initial demand.
Catherine Lyle, head of claims at Coalition, said: “Across industries, we continue to see high-profile attacks targeting organizations with weak or exposed infrastructure — which has become exacerbated by today’s remote working culture and companies’ dependence on third-party vendors. Small businesses are especially vulnerable because they often lack resources. For these businesses, avoiding downtime and disruption is essential, and they must understand that Active Insurance is accessible.”
Coalition also say that most cyber incidents are triggered by phishing, accounting for 57.9% of claims, with funds transfer fraud (FTF) holding steady. The frequency of such claims, according to Coalition, has remained consistent at 0.59% in H1 2021, 0.61% in H2 2021, and 0.58% in H1 2022.
“However,” it wrote, “FTF severity has increased by 3% in the same period, continuing the 3-year trend of increasing FTF claims costs.”
The persistent vulnerability, said the firm, has been Microsoft Exchange.
It wrote: “In 2021, Microsoft disclosed an exploitable condition (ProxyLogon) that was found in publicly accessible Microsoft Exchange servers. During this time, approximately 1,000 Coalition policyholders were affected. We were able to notify and remediate the vulnerability for 98% of impacted policyholders within a week of the disclosure.”
It added: “In August of 2021, another vulnerability related to on-premises Exchange (ProxyShell) was discovered. Coalition developed a dedicated scanning module to handle Exchange events, which can report on the version of Exchange an organization is running. Using our Active Risk Platform, we continue to monitor externally visible data and notify our policyholders if they have exposed Exchange vulnerabilities. Based on our data set, since the discovery of this vulnerability, smaller organisations with on-premise Microsoft Exchange were 119% more likely to incur a claim than those using Exchange Online.”
The firm said that its report shows that how claims severity decreased by 8% for H1 2022 (compared to H2 2021) to an average loss of $175,258, and claims frequency decreased by 7% over the same period. It also said that manufacturing and industrial businesses related to the supply chain continue to top the charts as the most targeted industries. The data also shows a staggering 57% increase in claims frequency for non-profit policyholders.