The general consensus recently amongst insurance brands, cyber security specialists and software companies is that cyber crime, hacking and ransomware is on the up. But this data from Corvus paints a different, more nuanced picture. It does seem to be affecting smaller businesses disproportionately – in terms of impact on trade – but the general trend for Corvus clients is downwards. Hmm, interesting.
Here’s the word;
Corvus Insurance has released findings from its fourth Corvus Risk Insights Index™, a compilation of industry trends and data analysis based on the company’s claims data, threat intelligence research, and proprietary scanning technology, the Corvus Scan.
In the early months of 2023, there was a sudden global explosion in the frequency of ransomware attacks with 452 new victims’ data appearing on dark web leak sites in March — a 60 percent increase year-on-year according to Corvus’s analysis of dark web sources. Despite the rise in observed activity, the rate of claims at Corvus has continued to trend downward this year.
“Following a year of decline in 2022, the early months of 2023 have brought a sudden explosion of ransomware attacks globally. This time, though, fewer organizations are caught off guard,” said Jason Rebholz, Chief Information Security Officer at Corvus Insurance. “More of them have cyber insurance, for one thing — along with enhanced security controls required by insurers since ransomware’s previous peaks. More organizations are able to face down attackers. Left unchecked, ransomware will continue to flourish. Corvus policyholders have not seen the same increase in ransomware activity, which we attribute to better security controls and proactive risk management.”
In this latest edition of the Corvus Risk Insights Index™, Corvus’s experts — including data scientists, underwriters, cybersecurity professionals, and claims managers — reflect on the past year, current trends, and what’s to come in the remainder of 2023.
Ransomware Claims, Costs, and Severity
Corvus routinely monitors its book for trends and compares that to global ransomware trends through its threat intel team, allowing for a broader look at trends across the industry.
Notable Ransomware Findings:
- 2022 was a year of decline. Corvus observed a 52% reduction in ransomware claims over the full year, and a 62% decline from Q1 2021 to Q4 2022. Corvus also observed a 45% reduction in the total number of victims whose information was posted on the dark web.
- Attacks against U.S. companies were far less frequent in 2022, compared to other countries. While the U.S. saw 45% fewer victims posted on the dark web, Corvus discovered a nearly 20% increase in ransomware across all other countries in 2022 versus 2021.
- Ransomware attacks began to spike again in March 2023. Outside the Corvus book of business, 452 victims appeared on leak sites in the U.S., a 60% increase over the previous year. Meanwhile, claims on the Corvus book of business continued to decline.
- The number of claimed extortion victims industry-wide in March 2023 stands at 349, according to dark web leak sources. This is a 31% increase over February 2023, a 23% increase year-over-year. March remains one of the highest months on record.
- The smallest businesses bear the brunt of attacks as a percentage of revenue. A business with $50 million in revenue pays 4.5x more as a percentage of revenue for the average cyber claim than a business with $250 million in revenue.