Despite a 60% increase of ransomware in early 2023, Corvus Risk Insights Index™ finds fewer are paying ransoms, and proper security controls are an effective deterrent
BOSTON (May 17, 2023) — Corvus Insurance, the leading cyber underwriter, powered by a proprietary AI-driven cyber risk platform, today released findings from its fourth Corvus Risk Insights Index™, a compilation of industry trends and data analysis based on the company’s claims data, threat intelligence research, and proprietary scanning technology, the Corvus Scan.
In the early months of 2023, there was a sudden global explosion in the frequency of ransomware attacks with 452 new victims’ data appearing on dark web leak sites in March — a 60 percent increase year-on-year according to Corvus’s analysis of dark web sources. Despite the rise in observed activity, the rate of claims at Corvus has continued to trend downward this year.
“Following a year of decline in 2022, the early months of 2023 have brought a sudden explosion of ransomware attacks globally. This time, though, fewer organizations are caught off guard,” said Jason Rebholz, Chief Information Security Officer at Corvus Insurance. “More of them have cyber insurance, for one thing — along with enhanced security controls required by insurers since ransomware’s previous peaks. More organizations are able to face down attackers. Left unchecked, ransomware will continue to flourish. Corvus policyholders have not seen the same increase in ransomware activity, which we attribute to better security controls and proactive risk management."
In this latest edition of the Corvus Risk Insights Index™, Corvus’s experts — including data scientists, underwriters, cybersecurity professionals, and claims managers — reflect on the past year, current trends, and what’s to come in the remainder of 2023.
Ransomware Claims, Costs, and Severity
Corvus routinely monitors its book for trends and compares that to global ransomware trends through its threat intel team, allowing for a broader look at trends across the industry.
Notable Ransomware Findings:
2022 was a year of decline.
Attacks against U.S. companies were far less frequent in 2022, compared to other countries.
Ransomware attacks began to spike again in March 2023.
-
Outside the Corvus book of business, 452 victims appeared on leak sites in the U.S., a 60% increase over the previous year. Meanwhile, claims on the Corvus book of business continued to decline.
The number of claimed extortion victims industry-wide in March 2023 stands at 349, according to dark web leak sources.
Impact on Policyholders:
While ransomware attacks in the U.S. fell significantly in 2022, and the rate of payment of ransomware demands also fell, the average dollar amount paid in ransom rose to the highest levels ever seen across a full year, a 63% increase over 2021.
Ransom payments have dipped for Corvus policyholders.
-
In 2022, the percentage of Corvus policyholders who paid when confronted with a ransom dipped below 30% for the first time, a 16% improvement over the prior year and well below the estimated 41% who pay in the broader market.
The smallest businesses bear the brunt of attacks as a percentage of revenue.
“Pockets of Air” in Targeted Industries
Corvus has honed its ability to find “pockets of air” in industries often targeted by ransomware attacks. Healthcare is one industry that has been hit hard in the recent 2023 rise. Corvus data shows a 750% increase from February to March in attacks on healthcare-related organizations. Yet, despite the dramatic increases, healthcare organizations are 25% less likely to pay ransoms than average, and within Corvus’s book of business, healthcare has seen no change in attack frequency to date.
Other notable industry-specific shifts in dark web data from February to March 2023 include:
-
Telecommunications saw an 800% increase in attacks.
-
Government saw a 220% increase in attacks.
“The pockets of air in industries like healthcare show the power of data combined with the right security insights,” said Rebholz. “Just because ransomware is rising, or your industry happens to be targeted, doesn't mean you can't manage your risk. With the collective experience of thousands of attacks on different types of organizations, the lessons — and the best actions to take — are thankfully clearer than ever.”
You can access the full Corvus Risk Insight Index™ here.
View the original press release on BusinessWire.