To shorten the response time between event notification and the time a company receives confirmation of coverage or first payment in the event of a cyber claim, insurance broker and risk advisor Marsh, a Marsh McLennan business, offers some recommendations. These include practicing responses to cybercrime, using vendors that are pre-approved by insurers and reinsurers to work on cyber incidents and claims, and following proper steps and maintain proper documentation.

The reasons why, discussed in Marsh’s new cyber report, Ransomware: A persistent challenge in cyber insurance claims, include the fact that the number of companies in the United States and Canada experiencing a cyber extortion event hit a record high in 2023. The demands made in these instances are also unprecedented, the company says.

Claims up 64 per cent 

Events reported to Marsh rose to 282 in 2023, a 64 per cent increase over 2022’s claims. Overall, 21 per cent of the firm’s clients reported a cyber event in 2023. The vast majority, they say, were privacy claims and system attacks leading to unauthorized access and potentially exposed data.

Ransomware made up only 17 per cent of cyber claims filed, but remains a top concern for the organization because of the increased frequency, sophistication and potential incident severity. They say the median ransom demand jumped to $20-million in 2023, up from just $1.4-million the year before. The median payment made was $6.5-million, they say.

The firm’s analysis of 1,800 cyber claims submitted by clients in the United States and Canada to Marsh in 2023 further found financial institutions remain in the top five most affected industry sectors.

To pay or not to pay 

“While the decision to pay or not to pay is highly nuanced, organizations should be prepared to respond, including by practicing their responses under a variety of scenarios,” the report states. “When a claim does arise, it’s important to follow proper steps such as notifying insurers, brokers and other stakeholders and maintaining proper documentation.” 

They also urge companies to review their panel of outside vendors pre-approved to work on cyber incidents and claims. “Using their insurers’ pre-approved vendors can significantly improve the average time from event notification to receiving confirmation of coverage or first payment – from just over two months when using a panel to more than 12 months when using non-panel vendors.”