In its 2024 Cyber Claims Report, the wholesale broker Coalition reports a 54 per cent decrease in the severity of claims associated with ransomware attacks. 

The report’s figures are limited to claims made in the United States. According to data from the Federal Bureau of Investigation (FBI) cited in Coalition’s report, over 880,000 cybercrime complaints were filed in 2023, resulting in estimated economic losses of USD 12.5 billion. 

Year-over-year, the number of claims increased by 13 per cent in 2023, while the average cost per incident rose by 10 per cent. In 52 per cent of the claims, policyholders did not have to make any out-of-pocket payments to resolve a data breach. 

The most significant increase in claim frequency was seen among companies with revenues between USD 25 million and USD 100 million, which experienced a 32 per cent rise compared to 2022. For companies with revenues under USD 25 million, the frequency rose by 8 per cent in 2023, while it increased by 14 per cent for businesses with revenues exceeding USD 100 million. 

After a first half where the average cost per claim reached USD 236,779 for larger companies – primarily due to ransomware – the severity was halved during the second half of 2023. 

Most targeted 

The Coalition report also identifies the most common targets for hackers in 2023. Notably, Cisco’s Adaptive Security Appliance (ASA), a system designed to protect remote connections, was five times more likely to be targeted by cybercriminals in 2023. 

Other frequently targeted systems included Fortinet’s platform and Microsoft’s Remote Desktop Protocol (RDP) application. 

Fund transfer fraud (FTF) remains the most profitable form of cybercrime, and Coalition predicts this trend will continue, as it is a low-cost, high-reward activity. 

Ongoing threats 

A few weeks prior, Coalition released its 2024 Cyber Threat Index, produced by researchers at Coalition Security Labs. The report underscores that cybercrime remains easy and lucrative, and that hackers will continue exploiting vulnerabilities in companies that fail to maintain strong cybersecurity practices. 

Common vulnerabilities and exposures (CVEs) are among the top three attack vectors used by hackers to hold businesses for ransom. Some of these CVEs are detailed further in the report, which notes that many high-profile incidents covered by the media are the result of disclosures to public authorities. Media coverage often amplifies the perceived severity of these issues. 

However, the alert process is sometimes delayed, as was the case with MOVEit, a file transfer platform. A CVE attack on MOVEit was not disclosed until June 1, 2023, despite Coalition’s "honeypot" detection systems identifying the vulnerability as early as November 2022. The speed with which the CI0p hacker group exploited this flaw to launch multiple breaches starting in late May 2023 highlights the need for quicker identification of CVEs, the report concludes. 

This article is a Magazine Supplement of the July issue of the Insurance Journal.