Uh Oh: Cyber Extortion is Spiking Again
Extortion attempts such as ransomware attacks are on the rise again. Companies may want to consider cyber insurance policies to protect themselves.
Client companies insured by Marsh reported a record number of cyber extortion attempts in 2023, roughly 65% more than in 2022. Marsh posits that cyber crooks were scrambling in 2022 due to “a (temporary) move away from data encryption toward exfiltration, disruptions brought on by the start of the Russia-Ukraine war, decreased willingness of some companies to pay and the successful ‘infiltration’ of a particular ransomware group by the FBI.”
The days of five-to-low-six-figure ransom demands are long gone. “The median extortion payment dropped from $822,000 in 2021 to $335,000 in 2022,” Marsh reports. But “this trend was reversed in 2023 as the median payment increased from $335,000 to $6.5 million and the median demand increased from $1.4 million to $20 million as cyber criminals grew bolder.”
Fewer extorted companies are paying ransom than just four years ago. One reason: Companies are doing a much better job of backing up their data. They can more easily determine if threat actors (TAs) possess valuable data or basic customer info that’s already on the dark web.
TAs also killed the golden goose — once upon a time, ransomware pirates held up their end of the bargain and returned stolen data and/or unlocked companies’ systems after being paid. Then the dirty crooks started selling companies’ data to other TAs, or publishing customers’ data anyway, after their victims already paid up. Now companies are much more likely to not bother paying, because what’s the point?
Extortion Threats Mitigated with Cyber Insurance
A significant cyber attack can put a company out of business. At the very least, some customers will flee to “safer” providers. That can lead to a drop in revenue, job losses and declining market share for a vulnerable business.
Cyber insurance (CI) policies, like those provided by Marsh, can help save the day. There are different levels of coverage to choose from:
- first-party CI for internal business interruption, data recovery, legal and regulatory costs
- third-party CI to cover liability for damages, plus legal and forensic investigation costs, associated with customers, and
- network security coverage for malware, ransomware attacks, email compromise schemes, et al.
Annual policy coverage can range from $500 to $5,000 for small businesses and $5,000 to $50,000 for mid-sized employers. Policies include out-of-pocket deductibles.
Free Training & Resources
White Papers
Provided by UJET
White Papers
Provided by Personify Health
Further Reading
Can automated payment systems be guilty of discriminating against certain groups of people? The federal government says yes, they absolutel...
The Department of Government Efficiency (DOGE) got its start on Day One of President Donald Trump’s second term and met with immediat...
After payday, an employee flags a missing differential. HR sends the details to payroll, and the team begins retracing punches, schedules, ...
In a typical month-end scenario, you are dealing with hundreds or thousands of rows of transactions. Manually inserting rows to calculate t...
A modern tech stack that gives you the power to analyze your enterprise data in real time may no longer be something on the nice-to-have li...
Two Supreme Court rulings — one just announced and one to be released later this spring — will tip the scales further away from...