Average ransomware demand increases 100% from 2019 through Q1 2020

Data from 25,000 small-to-midsize organizations reveals ransomware as the top cyber insurance incident in the first half of the year, with the average ransomware demand increasing 100% from 2019 through Q1 2020

October 13, 2020

Coalition, cyber insurance and security company, announced the results of its H1 2020 Cyber Insurance Claims Report. The report explores top cybersecurity trends and threats facing organizations today, in addition to data showing the impact of COVID-19 on cyber insurance claims. The report garners insights from the incidents reported across 25,000 small and midsize organizations.

Coalition found that cyberattacks have increased in number and severity since the onset of the COVID-19 pandemic. The changes organizations implemented to facilitate remote work have given cybercriminals new opportunities to launch unprecedented campaigns, exploiting mass uncertainty and fear. In fact, since the beginning of COVID-19, Coalition observed a 47% increase in the severity of ransomware attacks, on top of a 100% increase from 2019 to Q1 2020. Coalition also found that newer strains of ransomware have been particularly malicious, with costly ransom demands and criminal actors threatening to expose an organization’s data if they don’t pay the ransom demand. They report that the average Maze demand is approximately six times larger than the overall average ransom demand.

Since the beginning of the pandemic, Coalition also reported a 35% increase in funds transfer fraud and social engineering claims filed by their policyholders. Reported losses from these types of attacks have ranged from the low thousands to well above $1 million per event. Additionally, COVID-19 has resulted in a notable surge of business email compromise. Coalition observed a 67% increase in the number of email attacks during the pandemic.

Coalition’s findings indicate that ransomware (41%), funds transfer loss (27%), and business email compromise incidents (19%) were the most frequent types of loss — accounting for 87% of reported incidents and 84% of claims payouts in the first half of 2020. Digging deeper into what ultimately caused these claims, Coalition found that:

Due to the transition to remote work, exploitation of remote access was the root cause of reported ransomware incidents
Email intrusion, invoice manipulation, and domain spoofing were the most common attack techniques for funds transfer fraud incidents
Organizations that use Microsoft Outlook for email were more than three times as likely to experience a business email compromise as compared to organizations that use Google Gmail

“When it comes to cyber loss, the conventional wisdom is that it’s not ‘if’ it will happen, but ‘when’,” said Joshua Motta, CEO and co-founder of Coalition. “We’re in a heightened state of cyber vulnerability: human errors are more likely to be made remotely, new technology is being deployed on a daily basis to support remote work setups, and cybercriminals are taking advantage. Our report showcases where organizations are most at risk, and the fact that we, at Coalition, are in a unique position to proactively help organizations prevent incidents, provide emergency response when they occur, and, most importantly, help organizations recover operationally and financially in the aftermath.”

Coalition’s report also shows that criminal actors target organizations of all sizes. While larger organizations in Coalition's sample (with revenues of $100M-$250M) were five times as likely to experience claims as small organizations (with revenues under $10M), the severity of losses was often well into six figures, regardless of the organization’s size. This highlights the disproportionate financial impact of cyber incidents on small businesses.

To read the full report, and access Coalition’s recommendations for preventing cyber incidents, click here.

Ransomware and the propulsion of the extortion economy has rapidly eclipsed into a national priority. Recently, we observed the catastrophic impact of a widescale ransomware attack impacting gas pipelines and raising national gas prices overnight.