Cyber Insurance Claims Surge in North America in 2023

Cyber insurance claims in North America reached unprecedented levels in 2023, as highlighted by insurance broker Marsh. The firm received over 1800 cyber claim reports from clients in the US and Canada, marking the highest number recorded to date. Several factors contributed to this increase:

• The growing sophistication of cyber-attacks
• The scale of the MOVEit file transfer supply chain incident
• An increase in privacy claims
• More organizations purchasing cyber insurance

In 2023, 21% of clients reported at least one cyber event, a slight increase from 18% in 2022. Over the past five years, the proportion of covered companies reporting cyber events has remained relatively stable, ranging between 16% and 21%.

Healthcare Industry Leads in Cyber Insurance Claims

Marsh’s findings indicate that the healthcare industry has consistently submitted the highest number of cyber insurance claims from 2020 to 2023. In 2023, healthcare accounted for 17% of all claims, followed by:

• Communications (16%)
• Education (9%)
• Retail/Wholesale (8%)
• Financial institutions (8%)

Record Levels of Cyber Extortion

The report revealed a significant rise in cyber extortion events, including ransomware. In 2023, 282 clients reported at least one cyber extortion event, compared to 172 in 2022. This resurgence is partly attributed to the increasing shift towards data exfiltration over encryption by attackers and the emergence of the ransomware-as-a-service (RaaS) model.

Median extortion payments soared from $335,000 in 2022 to $6.5 million in 2023, with median extortion demands rising from $1.4 million to $20 million. While extortion negotiations have proven effective in reducing the final ransom paid, the percentage of the median demand paid increased from 24% in 2022 to 32% in 2023.

Encouraging Trends in Ransom Payments

Encouragingly, the percentage of companies that paid a ransom demand decreased to 23% in 2023, down from 30% in 2022. This continues a longer-term trend, as a much higher proportion of victims paid demands in 2020 and 2021 (68% and 63%, respectively).

Marsh emphasized that cyber extortion claims have consistently remained under 20% of total reported cyber claims. Privacy claims and system attacks leading to unauthorized access and potentially exposed data without an extortion component constitute a larger share of claims.

Conclusion

Marsh’s insights underscore the evolving landscape of cyber threats and the critical importance of robust cybersecurity measures. At PivIT Strategy, we remain committed to helping organizations navigate these challenges and secure their digital assets effectively.