Ransomware activity was the leading source of cyber insurance claims in 2023, and as of mid-2024, this activity, at least on the surface, does not appear to show any signs of abating.

For example, take the Change Healthcare cyberattack in February, which resulted in the largest health payment processing operator in the United States being subjected to a massive breach.

The incident was described as “the largest security attack on the American health care system”, and its costs were estimated at $1 billion or more.

Another significant event is the hacking campaign against cloud data and analytics company Snowflake, the scope of which remains unclear.

Meanwhile, earlier this month, Snowflake said it would end its investigation into the hack, which affected up to 165 of its customers, including Ticketmaster and Santander Bank.

And just last week, a major provider of retail software to auto dealers experienced a cyber outage, according to a Reuters report. The outage affected dealers across the United States and Canada, including a portion of BMW Group dealers.

However, although there were notable attacks in 2024, Meredith Schnur, Marsh’s cyber practice leader, said the overall trend points toward a more sporadic pattern rather than a steady increase or decrease in cyber incidents as first-quarter data looks similar to 2023 and the potential for a decline. activity this year. “(Cyber ​​incidents) in 2024 may be more sporadic, rather than gradually rising or stabilizing,” Schnur said. But she also warned that the situation could change quickly. “A lot of breaches and ransomware incidents are still possible,” she added.

How is the cyber insurance market responding?

Marsh’s latest cyber report shows that North American cyber insurance claims reached record levels in 2023. The broker said it received 1,800 cyber claims from clients in the U.S. and Canada, more than in any other year.

This increase was driven by the increasing sophistication of cyberattacks, the size of the MOVEit file transfer data breach, privacy claims, and the increasing number of organizations purchasing cyber insurance.

The report also revealed that ransomware remains a major concern for insurers and insureds alike despite representing less than 20% of total claims.

Although ransomware claims have increased in the past year, organizations have seen a slowdown in insurance rates, according to Schnur. This reflects a “mature market” where insurers have become better at understanding and pricing risks.

This shift points to a more nuanced approach to underwriting, with insurers asking deeper questions to better understand threats and price risk more accurately.

The resilience journeys that organizations are on also play a major role in the evolution of the market. According to Schnur, organizations are now better prepared to handle incidents than they were a few years ago. “Organizations are more experienced, more practiced, and more resilient,” said the cyber practice leader.

Not only does increased resilience help organizations mitigate the impact of cyber incidents, it has also impacted how insurers evaluate and price their policies.

Emerging trends in cybersecurity – what to watch for?

The Marsh report also revealed that cyber extortion incidents in North America reached a record high last year, with unprecedented ransom demands. The company said it received 282 notifications of extortion incidents in 2023, an increase of 64% from 2022.

It is worth noting that only a quarter (23%) of Marsh customers who experienced an online extortion incident paid a ransom, while the majority (77%) refused. This is compared to 37% of Marsh customers who refused cybercriminal demands in 2021.

But Schnur warned that the profitability generated by electronic blackmail operations will remain a major driver of this plan. “Extorting corporate systems and making easy money is very lucrative and lucrative,” Schnur said. “Until this opportunity fades, we will continue to see cyber extortion attacks on organizations around the world.”

Another important trend is the rise of supply chain attacks, such as the MOVEit and Snowflake events, where a single event can impact multiple parties. This interconnected risk is becoming more common, leading to an increasing number of companies affected by a single breach. “A single event, a single breach or ransomware incident for one company, opens the door to multiple parties being affected. That’s also driving the numbers up,” Schnur said.

Amid ongoing threats, Schnur pointed to the silver lining: a notable shift in how organizations manage their cybersecurity and build resilience. She stressed the importance of having strong mitigation strategies, even if prevention is not always possible.

“You have sprinklers because they don’t stop the fire. But when the fire happens, you hope it mitigates it.”

Do you have something to say about cyber insurance trends? Please share your comments below.