Chris Hendricks, head of incident response at Coalition, said this good news comes as “organizations [become] increasingly aware of the threat ransomware poses.” In fact, Coalition policyholders experienced 50% fewer claims compared to the broader market. The severity of these claims has also waned, with almost half of the incidents resolved at no cost.
“They have started to implement controls such as offline data backups that allow them to refuse to pay the ransom and restore operations through other means,” Hendricks said.
However, the lower effectivity rate of ransomware attacks has caused hackers to turn to more “reliable” phishing methods like funds transfer fraud (FTF) to target individual employees. The percentage of claims with phishing as the primary attack vendor jumped from 42% in H2 2021 to 58% in H1 2022.
Small- to medium-sized organizations under $25 million in revenue are asked to be more vigilant since they have fewer resources to respond to attacks. H1 2022 saw the average cost of a claim for a small business increase 58% to $139,000.
“Across industries, we continue to see high-profile attacks targeting organizations with weak or exposed infrastructure — which has become exacerbated by today’s remote working culture and companies’ dependence on third-party vendors,” Catherine Lyle, head of claims at Coalition, said. “Small businesses are especially vulnerable because they often lack resources. For these businesses, avoiding downtime and disruption is essential, and they must understand that active insurance is accessible.”
With ransomware gangs on the rise, Coalition warned that cyber incidents have the power to put small organizations out of business, which is why they need an active approach to managing risk.
“Our claims data on the top cyber incident trends reinforces the need for continued vigilance from organizations of all sizes,” Coalition wrote in the report. “Cyber criminals have created a profitable revenue model that is here to stay.”