Higher cyber defenses lead to higher ransoms, study finds

Businesses with cybersecurity insurance face significantly higher ransom payments compared to uninsured cases, researchers looking at Dutch victim data have discovered.

From 2019 to 2022, the average ransom demand in the Netherlands was €720,000, and one victim in five (21%) chose to actually pay it.

After analyzing 382 ransomware attacks reported to the Dutch Police or handled by an Incident Response (IR) company, researchers identified factors that appear to affect ransom payments.

Insurance leads to higher ransom demands as businesses that had insurance, on average, paid €708,000 in ransoms. Those without insurance averaged a more modest €133,016.

In total, 75 uninsured victims paid €10 million, while 33 insured victims directed €23.4 million to cybercriminals.

Researchers also observed that 44% of insured victims opted to pay, as opposed to 24% when uninsured.

Data exfiltration is extremely costly, as the average amount paid in such cases was €1.2 million, as opposed to €89,407 when no data exfiltration was confirmed.


The other significant factor was recoverable backups. Eighty-nine percent of victims with fully recoverable backups chose not to pay the ransom. Yet, in the remaining 11% of cases, the average sum reached a staggering €1.5 million, the highest among all scenarios. Meanwhile, businesses with no backups paid the lowest ransoms, averaging €50,600.

The researchers explained that businesses with more valuable data are more likely to employ backup systems, and the revenue size is another significant factor.

“Specifically, having insurance results in ransoms that are 2.7 times larger, data exfiltration corresponds to a 4.4 times increase in the ransom, and each 1% increase in a victim’s yearly revenue causes a 0.12% rise in the ransom paid,” they concluded after weighting the data.

They even drew a demand curve for willingness to pay a ransom. It shows that the willingness is 100% when the ransom is €500 and gradually approaches zero when the ransom demand rises to €10 million and above.

“We see an approximate log-linear relationship between willingness to pay and demand with around 35% willing to pay a ransom of €100,000.”


The Dutch victims who chose to negotiate with cybercriminals spent, on average, 111 hours. However, the average negotiating time was four times lower when a ransom was actually paid, at 25 hours.

The study was mainly focused on a limited number of companies in the Netherlands. Therefore, generalizations may not apply to other countries.
