Cyber-insurance claims have soared to unprecedented levels in 2023, with more than 1,800 claims submitted from the United States and Canada, according to a report by insurance broker Marsh.
This surge is attributed to several factors: the increasing sophistication of cyberattacks, a rise in privacy claims, a growing number of organizations purchasing cyber insurance, and the extensive impact of the MOVEit file transfer supply chain breach.
The healthcare sector led the claims, accounting for 17% of the total. The communications sector followed closely with 16%, while education, retail/wholesale, and financial institutions contributed 9%, 8%, and 8% of the claims, respectively.
The report also highlighted a significant increase in cyber-extortion incidents. In 2023, 282 clients reported at least one cyber-extortion event, compared to 172 clients in 2022. Correspondingly, median extortion payments escalated dramatically, rising from $335,000 in 2022 to approximately $6.5 million in 2023. Extortion demands from threat actors surged from $1.4 million to $20 million during the same period.
Despite the worsening cyber conditions and the heightened activity of threat actors, Marsh noted a positive trend in the effectiveness of negotiating extortion payments. The percentage of companies that paid a ransom decreased to 23% in 2023, down from 30% in 2022, indicating that negotiating tactics are helping to mitigate the final ransom amounts.