Live Webinar 11/20: SMB Cyber Survival Guide 2025

New Claims Report sees ransomware demands triple to average $1.2M

Featured Image for New Claims Report sees ransomware demands triple to average $1.2M

Ransomware is top of mind for everyone — media, companies, governments, international bodies, and as attacks escalate, everyone is impacted — from small businesses to critical infrastructure. Our H1 2021 Cyber Insurance Claims Report analyzed claims data through June 2021 from customers in the United States and Canada, and the results are staggering. From the first half of 2020 to 2021, the average ransom demand made to Coalition policyholders increased nearly threefold, from $450,000 to $1.2 million per claim.

Our visibility into cyber incidents comes from three primary sources: our policyholders reporting incidents and claims, data the National Association of Insurance Commissioners (NAIC) shares with us, and finally, from the tens of thousands of insurance applications we receive each year. This is our second year compiling data to assess — and predict — trends in cyber insurance. Unfortunately, we previously witnessed the beginning of a prolific trend of increased ransomware attacks as bad actors exploited remote access in 2020.

Ransomware evolves into a costly business model

Ransomware is a criminal business model in which the attacker seeks financial gain at the cost of their victim’s data. Over the past year, Coalition has seen a sharp increase in ransomware demands, in part because the global shift to remote work has let attackers remain inside a network longer, getting a better sense of what organizations can “afford” to pay.

Our average ransom demand for the second half of 2020 was $1,304,743 and leveled to $1,193,159 in the first half of 2021.

This has led to increased ransomware demands and an explosion of new ransomware variants that are even more invasive: PYSA, Mimikatz, Medusa, Snatch, Egregor, Conti, Mount Locker, and HelloKitty. Additionally, attackers have commoditized ransomware even further. Ransomware as a Service (RaaS) is a powerful business model in which developers lease malware to hackers, sometimes even providing tech support.

Graph-AvgRansomVariant

Reshaping the industry, one ransom at a time

Ransomware has reshaped the industry. Halfway into 2021, we've continued to see the cyber insurance market harden, leading to increased underwriting scrutiny and higher premiums. Carriers are not without cause for concern; ransoms have increased along with the severity of business interruptions and recovery time. Some have even gone so far as to speculate whether or not cyber insurance makes ransomware worse (we don’t think so).

Our data reveals the average ransom demand increased to $1.2 million, and smaller companies experienced a 57% increase in attacks.

While many small and midsize businesses may not view themselves as a target, they are actually impacted more often than larger organizations and are the least able to defend themselves and recover quickly. According to Coveware, 70% of ransomware attacks impact organizations with fewer than 1,000 employees, which may be more vulnerable.

Graph-RansomwareClaims2021

How organizations can fight back

Despite the seemingly never-ending tide of ransomware attacks, there are things companies can do to protect themselves:

  • Email security and spam filtering are key – business email compromises (BEC) can lead to ransomware

  • Ensure technical vulnerabilities like old, unpatched software or insecure remote access tools are unavailable for attackers to exploit

  • Backups should be implemented and tested regularly before a ransomware event occurs

Graph-ReportedClaimsByAttack

Note: attack vector data is not known in all cases. These charts reflect attack vectors for reported claims where the attack vector was known. Vectors are categorized according to the MITRE ATT&CK taxonomy of adversary tactics and techniques.‌‌ Valid accounts is an attack technique whereby a criminal gains unauthorized access to a legitimate account.

As the cyber market continues to harden and ransomware continues to proliferate, Coalition has held strong. Our cybersecurity guide outlines the basic tenants of a cybersecurity program — a critical factor in reducing your organization’s risk of falling victim to a ransomware event. Additionally, organizations can view their risk in real-time through Coalition Control, our integrated platform that lets businesses review their risk profile and pinpoint associated vulnerabilities.

Download the full H1 2021 Cyber Insurance Claims report here to learn more about these trends and our predictions for the remainder of 2021.