Average ransom demands have increased nearly threefold and smaller companies are experiencing more cyberattacks, according to the results of Coalition Inc.’s latest cyber insurance claims report.
From the first half of 2020 to H1 2021, the average ransom demand made to Coalition policyholders jumped nearly 170% from $450,000 to $1.2 million per claim, Coalition said its H1 2021 Cyber Insurance Claims Report, released Tuesday. Cyberattacks were also increasingly targeting small and micro businesses, with Coalition seeing a 57% increase in the frequency of attacks against organizations with under 250 employees.
“Coalition’s analysis reveals that ransom demands have grown substantially over the past year, smaller companies are increasingly targeted, and cybercriminals continue to take advantage of dislocations in how we work,” the company said in a press release Tuesday. Coalition analyzed claims data through June 2021 from 50,000 customers in Canada and the United States.
Miki Ho, who handles business development at Coalition in Canada, told Canadian Underwriterearlier this month that ransomware is exploding as of late.
“Ransomware continues to be the number one claim vector,” he said in advance of the release of the 2021 claims report. “When you look at our book of business, there’s really [these] top three things that we’re seeing — it’s ransomware, social engineering and business email compromise.” (BEC involves taking over somebody’s account to potentially commit more criminal activity.)
“What’s interesting about those three is that it really doesn’t matter what industry a client might be in, they are potentially exposed to all of those things,” Ho said. “Whether they hold sensitive information or not, they could be hit by one of those claims.”
Joshua Motta, CEO and co-founder of Coalition, echoed that sentiment. “It’s clear that ransomware and other cybercrimes have escalated considerably in the past year,” he said in the release. “Bad actors are targeting everything from critical infrastructure to the corner store.”
For small and micro businesses, the increased automation of cyberattacks, as well as the more widespread use of insecure remote access tools during the pandemic, has left these organizations exposed and created new opportunities for cybercriminals.
In terms of ransomware, while it has become more widespread and severe in the past year, many organizations continue to be targeted by less sophisticated attack techniques that exploit the new patterns of remote work. Nearly 50% of attacks against Coalition’s policyholders were initiated by phishing and social engineering.
From the first half of 2020 to 2021, Coalition found that funds transfer fraud (FTF) attacks increased 28% and BEC attacks increased 51%. In that time period, the average funds stolen in an FTF attack increased from $116,842 to $326,264 — a 179% increase.
Looking ahead, Coalition predicts that ransomware will remain the single biggest threat for all organizations, and the cyber insurance market will continue to harden throughout the year, among other predictions.
“It will be harder to qualify for cyber insurance, and the implementation of many common cybersecurity controls will increasingly be required as a condition of coverage,” the report said. “We predict that many insurance carriers will also begin to require companies to address vulnerabilities during the policy period or risk losing some (or all) coverage. Price increases, coinsurance, and sub limits on critical coverages are already happening, and will continue throughout 2021.”