Ransomware Was the Top Cyber Insurance Claim in Q1 2020

• Ransomware retakes the lead (from business email compromise) as the top cyber insurance claim the first half of the year
• Analysts observed a 47% increase in the severity of ransomware attacks, on top of a 100% increase from 2019 to Q1 2020
• Ransomware (41%), funds transfer loss (27%), and business email compromise incidents (19%) were the most frequent types of loss

Data from 25,000 small-to-midsize organizations reveals ransomware as the top cyber insurance claim in the first half of 2020, with the average ransomware demand increasing 100% from 2019 through Q1 2020.

In late 2019, AIG, one of the world's largest insurance companies, issued a report saying business email compromise (BEC) had taken the baton from ransomware in the top threats causing business losses. In short, BEC became the top reason businesses made a cyber insurance claim last year. This year, however, cyber insurer Coalition says things are back to the way they were. According to the company’s H1 2020 Cyber Insurance Claims Report, ransomware is again the top cyber insurance claim – at least in the first half of the year.

Since the beginning of the COVID-19 pandemic, the firm observed a 47% increase in the severity of ransomware attacks, on top of a 100% increase from 2019 to Q1 2020.

It also found that newer strains of ransomware have been particularly malicious. For example, the average demand from the infamous Maze ransomware operators is approximately six times larger than the overall average ransom demand (from other threat actors). Maze operators pioneered their costly ransom demands by threatening to expose an organization’s data if they don’t pay the ransom demand. Competing operatives soon followed suit, with more and more threat actors applying the model this year, coercing their victims to cave in.

Coalition also reports a 35% increase in funds transfer fraud and social engineering claims filed by their policyholders. The firm said losses from these types of attacks ranged from the low thousands to well above $1 million per event.

Business Email Compromise is still alive and kicking, though. COVID-19 has marked what Coalition analysts call “a notable surge” in BEC scams targeting businesses – a 67% increase, to be precise, in the number of email-borne attacks during the pandemic.

Ransomware (41%), funds transfer loss (27%), and business email compromise incidents (19%) were the most frequent types of loss — accounting for 87% of reported incidents and 84% of claims payouts in the first half of 2020, the firm concludes. Exploitation of remote access was the root cause of reported ransomware incidents (due to remote work). Simultaneously, email intrusion, invoice manipulation, and domain spoofing were the most common attack techniques for funds transfer fraud incidents.

The cyber insurer also found that organizations that use Microsoft Outlook for email are more than three times as likely to experience a business email compromise than organizations that use Google Gmail. This finding states the obvious somewhat, considering BEC scams typically target business environments.