Ransomware attack costs rising sharply in 2024, cyber insurer warns


The average ransom demand has now reached $1.3 million, with some variants asking for up to $4.3 million for a decryptor.

The severity of ransomware attacks spiked by 68% in the first half of 2024, compared with the previous six months, a new report by cyber insurance provider Coalition reveals. The average loss after negotiations amounted to $353,000.

However, this figure is 12% lower than during the first half of 2023, when the average loss reached $401,766.

ADVERTISEMENT

“Among ransomware events that resulted in a payment, Coalition successfully negotiated the amount down by an average of 57% of the initial demand,” the report reads.

In the first half of this year, one in 280 insured businesses had been affected by ransomware, and the frequency decreased by 10%. Ransomware frequency has been relatively stable in the US, while Canada has experienced a 34% increase.

Two ransomware variants, Play and BlackSuit, demanded noticeably higher ransoms than the average: $4.3 million and $2.5 million, respectively.

“In general, ransomware has been fairly seasonal with consistent drop-offs in the summer months and spikes during winter holidays – a conscious attempt by threat actors to go unnoticed within a system at times when businesses are typically slower to react,” the report estimates.

However, this year stands out for other cyber events that impacted businesses. For example, a bug in CrowdStrike’s software caused a global IT outage. Business email compromise is now a leading cyber event, continuing a steady increase and accounting for nearly a third of all claims. Other third-party disruptions wreak havoc on healthcare and other industries.

Overall claims severity reached $122,346 in H1 2024. The figure was 14% higher than in H2 2023 but similar to that of a year earlier ($123,990).

On average, in six months, 1.55% of insured businesses were affected by some kind of cyber incident, leading to a claim.

The cyber insurer warns threat actors are increasingly attacking exposed login panels. Exposed login panels more than tripled the likelihood of experiencing a claim.

ADVERTISEMENT

“Businesses with at least one contingency of any type were 2.5 times more likely to experience a claim in 1H 2024. These contingencies include various risky technologies, such as certain boundary devices, remote access solutions, and end-of-life (EOL) software,” the report reads.

cyber-risks-claims

Coalition strongly recommends enforcing multi-factor authentication for all VPN users and ensuring they’re running the latest firmware – both of which help protect against brute force attacks, compromised credentials, and known vulnerabilities.