Cyber claims frequency, severity up in 2023's first half

Review five ways businesses can actively address growing cyber risks.

Cyber insurance claims ticked up 12% through the first half of 2023, driven by an increase in ransomware and funds transfer fraud (FTF), while claims severity increased 42% with an average loss amount of more than $115,000, according to Coalition, Inc.

During the period, ransomware-related claims frequency was up 27%, with May seeing the most ransomware claims of any single month in Coalition’s history. The company reported that ransomware claims severity hit a record high in 2023’s first half, exceeding $365,000. During the six-month period, ransomware-related claims severity was up 61% and more than 115% year-on-year.

Ransomware monetary demands also saw a big increase, growing 47% during the past six months and 74% year-on-year to reach $1.62 million, on average, Coalition reported.

The first half also saw a huge spike in FTF incidents. Claims frequency related to FTF events was up 15% during the period, while severity grew 39%. The average FTF loss was more than $297,000. Coalition reported that FTF remains a reliable way for cybercriminals to monetize their activities as it is a relatively easy attack method and can be paired with well-tested phishing techniques.

“The cyberthreat landscape has become more volatile, and, as a result, we’ve seen claims become more severe and more common than ever,” Chris Hendricks, head of Coalition Incident Response, said in a release. “To help prevent these costly and disruptive incidents, organizations need to take an active role in improving their security defenses and make risk management a top priority.”

To this end, Coalition recommends the following five steps businesses can take to actively address cyberthreats:

  1. Use multifactor authentication on all critical accounts: FTF and business email compromise events typically start with phishing attacks, which can be prevented by leveraging multifactor authentication.
  2. Maintain offline backups of critical data: Installing and testing offline backups can help a business recover from a ransomware event without giving in to demands.
  3. Establish a formal procedure for electronic payments: Coalition suggested never confirming new payment instructions or changes to payment instructions via email, always requiring two-party reviews (or more) when transferring funds, and reporting all suspicious activity.
  4. Patch software and firmware regularly: A routine patching schedule and regular alerts can help organizations identify and correct critical vulnerabilities.
  5. Reduce use of legacy and risky technology: Cybercriminals view outdated software and programs with histories of vulnerabilities as a sign that a business lacks security control, according to Coalition.
