Treasury News Network

Learn & Share the latest News & Analysis in Corporate Treasury

  1. Home
  2. Fraud Prevention
  3. Minimizing Fraud Procedures

Cybercrime insurance claims rise as ransomware proliferates

Advancements in technology, adoption of remote working practices because of the COVID-19 pandemic, the Russian invasion of Ukraine, the lack of accurate understanding of enterprise-wide cybersecurity risks and vulnerabilities, and the failure to provide current and continual cybersecurity training to employees are all factors that cybercriminals are exploiting to extort tens of millions of corporate dollars. 

Ransomware a significant and surging cybersecurity threat

Ransomware is one of the most disruptive and damaging cyberattacks, hitting hundreds of thousands of companies globally in 2021.

According to estimates from Cybersecurity Ventures, ransomware is the fastest growing type of cybercrime and is expected to attack a business, consumer or device every two seconds by 2031, up from every 11 seconds in 2021. Christopher Wray, director of the Federal Bureau of Investigation (FBI) told The Wall Street Journal in an interview published last year, “The ransomware threat was comparable to the challenge of global terrorism in the days after the September 11, 2001, attack.”

As per the 2022 Cyber Threat Report by cybersecurity company SonicWall governments worldwide saw a 1,885% increase in ransomware attacks in 2021, while the health care industry faced a 755% increase. SonicWall’s “researchers diligently tracked the dramatic rise in ransomware, recording an astounding 318.6 million more ransomware attacks than in 2020, a 105% increase. Ransomware volume has risen 232% since 2019.”

Even as ransomware attacks are multiplying, cybercriminals are employing manipulative tactics to coerce companies into paying larger ransoms. A study released by the Unit 42 security consulting group revealed that the average ransomware payment climbed 82% from 2020 to 2021 to a record US $570,000 in the first half of 2021. Among the dozens of cases that Unit 42 consultants reviewed in the first half of 2021, the average ransom demand was $5.3 million. That’s up 518% from the 2020 average of $847,000.

Ransomware the largest driver of cyber insurance claims

In recent years, ransomware is also considered the largest driver of cyber insurance claims. NetDiligence’s 11th annual cyber claims study evaluated almost 6,000 cyber claims arising from incidents between 2016 and 2020. Ransomware represented the number one cause of loss in the study. The Sophos’ report, the State of Ransomware in Healthcare 2022, also attests to the fact that ransomware is the single largest driver of cyber insurance claims.

The proliferation of ransomware has led to an increase in the frequency and value of cyber insurance claims. Many insurance providers have increased their premium prices and turned away organizations without sufficient cybersecurity precautions. According to Marsh, one of the world’s leading insurance brokers and risk advisors, the price of cover in the US grew by 130% in the fourth quarter of 2021 alone, while in the UK it grew by 92%.

Ransomware a board-level risk and budgeted priority

The increase in frequency and soaring payout costs because of ransomware attacks has made it a board-level risk and put the cyber insurance industry under extreme pressure. This is evidenced by a recent survey by Panaseer, an enterprise security company, that involved 1,200 global enterprise security leaders and revealed that 91% of respondents reported to their board on ransomware protection levels. Eighty-six percent of security leaders stated that ransomware mitigation is a budgeted priority in 2022.

Nik Whitfield, Chairman, Panaseer, explains: “In recent years, ransomware has been the most high-profile risk in cybersecurity, which is why many Boards are concerned about its potential for disruption and damage. Thanks in part to the proliferation of ransomware claims during the Coronavirus pandemic, cyber insurers have also been forced to pay out on underpriced policies, pushing their portfolios towards being loss-making. The result is that the market has hardened, insurers have withdrawn and it’s much tougher for customers to get insurance at all, let alone good value on a policy.”

“The current, distressing situation in the Ukraine may well increase the cyber risk to companies, making it harder for underwriters to effectively price policies and even harder for companies to buy any cyber insurance cover,” Whitfield added.

Strong cyber defences required to secure insurance coverage

Josh Weisberg, Director, Risk Management Services, Sterling Risk, commented in a recent episode of the Treasury Update Podcast (Protecting the Flow of Your Business: A Series on Cyber Security), “The average cost of a global cyber insurance claim is now as high as $8 million.” The pressure is mounting on corporations for better cyber hygiene and security due diligence.

Cyber insurance is fast becoming a condition for doing business in certain sectors. Many insurers are looking to reduce risk and exposure by asking more questions about the controls that companies have in place to negate ransomware threats and by demanding more rigorous security attestations so they can more effectively price and allocate cover.

GlobalData predicts that the total in gross premiums paid for cyber insurance will rise to $20 billion in 2025 from $7 billion in 2020. Insurers are assessing if minimum security standards are being met before agreeing to sell businesses coverage or lower insurance premiums. They are also limiting pay outs due to accidental errors or omissions during the underwriting process. Having strong cyber defences in place will significantly improve a corporation’s ability to secure the coverage they need and keep down higher insurance premiums.

According to the Panaseer research survey, 86% of respondents said they’d be willing to prove the strength of their cyber programme to insurers with data-driven metrics in the next two years if it led to a reduced premium. Twenty-nine percent of security leaders believe they will be ready in the next 12 months, and 57% hope to be ready in the next 13-24 months, with 14% not sure when they will be able to share the data.

Continuous and current employee training

As more organizations confront ransomware threats, treasury and security practitioners must take proactive steps to mitigate risks from ransomware threats.

Steps like multi-factor authentication (MFA), end point detection and response (EDR), and systems and security controls and processes for remote working environments should be deployed at each stage of the cyber kill chain. However, sprucing the human intelligence component, the first line of defence against ransomware attacks, is the key weapon in the battle against ransomware.

Increased and timely ransomware-focused security training for employees is vital to detect and report threats. Strategic Treasurer, a leading treasury consulting firm, recommends that employees who have access to payments systems must be regularly trained and tested.*

When trained properly, corporations can detect and mitigate potential ransomware attacks before they happen. Strategic Treasurer recommends focus on the human element to shore up cyber defences. As per its research, “Organizations who train their employees on payment fraud, controls, and cyber fraud have a dramatically lower frequency of reported losses. Non-trained firms experience more losses and have five times more ransomware attacks.”


The increasing frequency and size of ransomware attacks are becoming a huge concern for governments and organizations worldwide.

The White House has urged companies to treat the threat of ransomware attacks with greater urgency. In the US, the Cybersecurity and Infrastructure Security Agency (CISA) announced two weeks ago the formation of a task force on ransomware.

Cyber insurance can augment your defences in case of a ransomware attack. It can help you tackle extortion threats arising from ransomware crime and aid in recovery from an attack, but it shouldn’t be considered as an alternative or replacement to a comprehensive and multi-layered ransomware protection strategy. Companies must continue to invest in adequate cybersecurity measures to get the most benefit from the cyber insurance policy.


*Disclaimer: Strategic Treasurer owns CTMfile.

Like this item? Get our Weekly Update newsletter. Subscribe today

About the author

Also see

Add a comment

New comment submissions are moderated.