Cyber Insurance Claims Spike Due to Ransomware


September 21, 2023

World map

A new report indicates a 12% spike in cyber insurance claims related to ransomware attacks over the first six months of 2023, with organizations having over $100 million in revenue seeing the largest increase (20%) as well incurring 72% increase in claim severity over 2H-2022.

“Ransomware claims in the first half 2023 grew by 27 percent from the second half of 2022. Claims severity also reached a record high, increasing 61 percent from the previous half and 117 percent over last year. Cybercriminals increased also their demands, the average ransom demand was $1.62 million, a 44 percent increase over the previous six months and a 74 percent increase over the past year,” Beta News reports.

Takeaway: Insurance companies have had a hard time finding the sweet spot for cyber insurance policies for both the insured and the insurer. Ransomware attacks vary in severity, and ransom demands range from tens of thousands to tens of millions of dollars.

Regulated data like personally identifiable information (PII) can be especially problematic from a liability perspective, and we are seeing more and more lawsuits following data loss events associated with ransomware attacks.  

Then there is the threat of losing intellectual property that could impact the viability and competitiveness in the market of a business, which is extremely hard to quantify, so likely not covered by cyber insurance policies.

As such, insurance customers are facing more restrictive policies with add-ons for covering ransomware-related losses, more comprehensive audits of security controls, and ever-increasing premiums, while insurance providers are facing a crunch on pricing the policies accurately to cover the losses they see in the real-world, which are continuing to grow.

More focus needs to be placed on "left of boom" issues like ingress and data exfiltration as well as what comes after "boom" so organizations can be positioned to respond efficiently and effectively.  

Detecting and blocking the ransomware payload is really important, but we know we can't be 100% on this, so if we put more emphasis on detecting and blocking what comes before the ransomware and what steps to take after it, this will go a long way to better quantifying risks and stabilize the very volatile cyber insurance market. is the industry’s first dedicated, adaptive security platform that combines multiple advanced proprietary prevention engines along with AI models focused specifically on stopping ransomware – talk to a Halcyon expert today to find out more. Halcyon also publishes a quarterly RaaS and extortion group reference guide, Power Rankings: Ransomware Malicious Quartile (PDF).