More organizations are saying 'no' to ransomware demands

Greater preparedness and enhanced backup processes are driving a drop in the number of ransoms paid.

During the second quarter of 2021, Corvus experienced a 50% decline in the number of ransomware claims. This drop in frequency was attributed to the shutdown of ransomware groups Darkside and REvil during the Q2 2021. This decrease was sustained through the subsequent quarter. (Credit: Andrey_Popov/Shutterstock.com)

Ransomware claims that resulted in the demands being paid shrank from 44% in Q3 2020 to 12% during the most recently closed quarter, according to Corvus, which has seen large, sustained declines in the number of ransomware claims.

Further, costs associated with a ransomware attack have held steady year-on-year, averaging $142,000, a Corvus report found.

The drop in the ratio of demands made to those paid is attributed to companies being more prepared for a cyberattack, Corvus reported. Additionally, backup processes have been enhanced. These two factors combine to allow breach response professionals to handle incidents more efficiently and get companies back online faster.

While the ransomware situation seems to be taming, Q3 2021 did see an increase in the average cost of a ransomware attack. However, the average is made up of a smaller volume of overall attacks and fewer incidents where any ransom was paid, according to the insurance company.

During the second quarter of 2021, Corvus experienced a 50% decline in the number of ransomware claims. This drop in frequency was attributed to the shutdown of ransomware groups Darkside and REvil during the Q2 2021. This decrease was sustained through the subsequent quarter, according to the insurance company.

Tech vendor beware

Cyberattacks or other outages that can be linked back to a technology vendor’s service or product can cause costs to pile up as the service provider defends lawsuits from customers that suffered damages or lost data.

For tech vendors that work with large companies, this risk is even more pronounced, Corvus reported. A company with 250 or more employees is 216% more likely to sue their tech vendor than a company with 10 or fewer employees and twice as likely as businesses with 11-50 workers.

Further, media companies and metal manufacturers are 50% more likely to sue their technology vendors than the average business. Insurers who faced a cyber incident are around 20% more likely to sue a third-party vendor than the average business.

Related: