Ransomware Largest Driver of Cyber Insurance Claims in the Last Five Years

Ransomware represented the number one cause of loss in a study of almost 6,000 cyber insurance claims, with the average ransom rising to $247,000 and the average incident cost up to $352,000 in 2020.

NetDiligence’s 11th annual cyber claims study evaluated 5,797 claims arising from incidents between 2016 and 2020. Across the five years of claims data, ransomware accounted for 32% of all incidents affecting small to medium enterprises (SMEs). Hacking incidents were a distant second at 10%, and business email compromise followed at 9%.

The study revealed that ransomware events accounted for 79% of claims with a business interruption (BI) expense, with an average BI cost of $446,000 in 2020 and an average BI cost of $316,000 over the five-year period. Ransomware events also caused 81% of claims involving recovery expense losses, according to the data.

Professional services firms were found to have the highest frequency loss over the last five years, followed by manufacturing, health care, technology, retail and financial services. The top five sectors account for 70% of claims and 74% of total incident costs. Professional services firms also contributed 32% ($229 million) of overall incident costs; this number is well above health care, which was 11%.

Claims costs range from less than $1,000 to over $120 million. Nearly all (99%) came from SMEs for a total of $537 million in losses, and the losses associated with the 1% of claims striking large businesses reached $727 million.

The averages include “some very expensive claims,” the authors of the report noted. For SMEs, six claims in the sample reached over $5 million, with one costing over $100 million. For larger companies, 10 claims featured costs between $15 million and $100 million. NetDiligence said it found no link between business size and the magnitude of a cyber loss, with the largest event affecting an SME.

“With ransomware again the number one cause of loss, we will be watching closely to see whether cyber policyholders, especially SMEs, deploy sufficient cybersecurity safeguards to reduce their ransomware exposure and qualify for ransomware coverage. If not, the challenge will be how we, as an industry, can help them get there,” said Mark Greisiger, NetDiligence president, in a statement.

For more risk management and insurance guidance, contact us today.