A new Risk Insights Index released today by Corvus Insurance reveals that the rate of ransomware claims reached in the final quarter of last year was just half of the peak seen in Q1.
At the same time the average ransom paid was around $167k, 44.2 percent less than the Q3 figure. Fewer ransoms are being paid compared to those demanded too. The percentage for the last quarter of 2021 held steady in the low twenties, down significantly from figures that once were over 50 percent. As recently as Q3 2020, the ratio was 44 percent.
So why the decrease? Underwriters requiring stronger backups for insurance coverage is believed to be helping to drive a broader trend toward more sophisticated and resilient approaches to reducing ransomware risk.
The change isn’t across the board, however, the average claim reached nearly $400,000 within the professional services industry in Q4 2021, the highest in that timeframe. On the other hand, healthcare, which saw an alarmingly high average in claim severity at the start of the year, returned to a historically low average, with zero ransomware claims recorded in Q4 2021.
Survey respondents highlight a lack of resources and the overall complexity of security as key driving factors currently preventing improvements in their defenses. Smaller companies (with under 50 employees) are more concerned with staying up to date with new threats, while larger organizations are more concerned with vendor breaches, bringing to light the fact that many companies may fail to emphasize and act on the need for an internal security culture.
“We are in the midst of a critical and challenging time for security professionals,” says Phil Edmundson, founder and CEO of Corvus Insurance. “As the security landscape shifts and threat actors continue to evolve their attacks, this report provides the data-driven analysis critical for organizations to navigate and prepare for adverse events in this new cyber age.”
The full report is available from the Corvus site.
Photo Credit: Carlos Amarillo/Shutterstock