<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=1354242&amp;fmt=gif">

With Ransomware Attacks on the Rise in 2023, Corvus Insurance Finds Risk-aware Organizations are Better Prepared to Face Down Attackers

Despite a 60% increase of ransomware in early 2023, Corvus Risk Insights Index™ finds fewer are paying ransoms, and proper security controls are an effective deterrent

BOSTON (May 17, 2023) — Corvus Insurance, the leading cyber underwriter, powered by a proprietary AI-driven cyber risk platform, today released findings from its fourth Corvus Risk Insights Index™, a compilation of industry trends and data analysis based on the company’s claims data, threat intelligence research, and proprietary scanning technology, the Corvus Scan.

In the early months of 2023, there was a sudden global explosion in the frequency of ransomware attacks with 452 new victims’ data appearing on dark web leak sites in March — a 60 percent increase year-on-year according to Corvus’s analysis of dark web sources. Despite the rise in observed activity, the rate of claims at Corvus has continued to trend downward this year.

“Following a year of decline in 2022, the early months of 2023 have brought a sudden explosion of ransomware attacks globally. This time, though, fewer organizations are caught off guard,” said Jason Rebholz, Chief Information Security Officer at Corvus Insurance. “More of them have cyber insurance, for one thing — along with enhanced security controls required by insurers since ransomware’s previous peaks. More organizations are able to face down attackers. Left unchecked, ransomware will continue to flourish. Corvus policyholders have not seen the same increase in ransomware activity, which we attribute to better security controls and proactive risk management."

In this latest edition of the Corvus Risk Insights Index, Corvus’s experts — including data scientists, underwriters, cybersecurity professionals, and claims managers — reflect on the past year, current trends, and what’s to come in the remainder of 2023.

Ransomware Claims, Costs, and Severity

Corvus routinely monitors its book for trends and compares that to global ransomware trends through its threat intel team, allowing for a broader look at trends across the industry.

Notable Ransomware Findings:

2022 was a year of decline.

  • Corvus observed a 52% reduction in ransomware claims over the full year, and a 62% decline from Q1 2021 to Q4 2022. Corvus also observed a 45% reduction in the total number of victims whose information was posted on the dark web.

Attacks against U.S. companies were far less frequent in 2022, compared to other countries.

  • While the U.S. saw 45% fewer victims posted on the dark web, Corvus discovered a nearly 20% increase in ransomware across all other countries in 2022 versus 2021.

Ransomware attacks began to spike again in March 2023.

  • Outside the Corvus book of business, 452 victims appeared on leak sites in the U.S., a 60% increase over the previous year. Meanwhile, claims on the Corvus book of business continued to decline.

The number of claimed extortion victims industry-wide in March 2023 stands at 349, according to dark web leak sources.

  • This is a 31% increase over February 2023, a 23% increase year-over-year. March remains one of the highest months on record.

Impact on Policyholders:

While ransomware attacks in the U.S. fell significantly in 2022, and the rate of payment of ransomware demands also fell, the average dollar amount paid in ransom rose to the highest levels ever seen across a full year, a 63% increase over 2021.

Ransom payments have dipped for Corvus policyholders.

  • In 2022, the percentage of Corvus policyholders who paid when confronted with a ransom dipped below 30% for the first time, a 16% improvement over the prior year and well below the estimated 41% who pay in the broader market.

The smallest businesses bear the brunt of attacks as a percentage of revenue.

  • A business with $50 million in revenue pays 4.5x more as a percentage of revenue for the average cyber claim than a business with $250 million in revenue.

“Pockets of Air” in Targeted Industries

Corvus has honed its ability to find “pockets of air” in industries often targeted by ransomware attacks. Healthcare is one industry that has been hit hard in the recent 2023 rise. Corvus data shows a 750% increase from February to March in attacks on healthcare-related organizations. Yet, despite the dramatic increases, healthcare organizations are 25% less likely to pay ransoms than average, and within Corvus’s book of business, healthcare has seen no change in attack frequency to date.

Other notable industry-specific shifts in dark web data from February to March 2023 include:

  • Telecommunications saw an 800% increase in attacks.
  • Government saw a 220% increase in attacks.

“The pockets of air in industries like healthcare show the power of data combined with the right security insights,” said Rebholz. “Just because ransomware is rising, or your industry happens to be targeted, doesn't mean you can't manage your risk. With the collective experience of thousands of attacks on different types of organizations, the lessons — and the best actions to take — are thankfully clearer than ever.”

You can access the full Corvus Risk Insight Index™ here. 

View the original press release on BusinessWire.

About Corvus Insurance

Corvus Insurance, a wholly owned subsidiary of The Travelers Companies, Inc., is building a safer world through insurance products that help to reduce cyber risk for policyholders. Corvus Insurance's Smart Cyber Insurance® and Smart Tech E+O® products include broad coverage, in-house claims handling, and risk prevention services that help prevent cyberattacks through threat alerts for policyholders and the partnership of our in-house cybersecurity experts. 

Corvus Insurance offers insurance products in the U.S., Middle East, Europe, Canada, and Australia. Corvus Insurance, Corvus London Markets, and Corvus Germany are the marketing names used to refer to Corvus Insurance Agency, LLC; Corvus Agency Limited; and Corvus Underwriting GmbH. All entities are subsidiaries of Corvus Insurance Holdings, Inc. For more information, visit corvusinsurance.com.

Recent Articles

Global Ransomware Attacks, Demands and Payments Rose in Second Quarter According to Corvus Insurance Cyber Threat Report


Q2 2024 Sets Record for Second Most Global Ransomware Attacks in a Quarter, Average Ransom Demand Soars by 102%. Keep reading to learn more.

Corvus Insurance Doubles Underwriting Offering, Expands Small Business Cyber Offering


Full transition to Travelers Excess and Surplus Lines paper completed.

Q1 2024 Sets Record for Most Global Ransomware Attacks in a First Quarter: New Corvus Insurance Ransomware Report


An unprecedented 18 new ransomware leak sites emerged over Q1 2024. Learn more about recent ransomware trends and activity in our press release.