The number of companies in the U.S. and Canada hit by cyber extortion has reached a record high in 2023, with unprecedented ransom demands, according to the report “Ransomware: a persistent problem in cyber insurance claims” by global insurance broker Marsh, according to its website.
It notes that nevertheless, as cybercriminals become bolder in their requests, more companies are refusing to pay.
Overall, 21% of Marsh’s clients reported cyber events in 2023, the vast majority of which were privacy claims and system attacks leading to unauthorized access and potentially exposed data.
According to Marsh , this rate has remained fairly stable over the past five years – between 16% and 21% – suggesting in part that companies’ cyber controls are keeping pace with the increasing sophistication and frequency of cyberattacks.
However, a record 282 ransomware incidents were reported to Marsh in 2023, a 64% increase from 2022. Although ransomware accounts for only 17% of all filed cybercrimes, ransomware remains a major concern for organizations given its increased frequency, sophistication, and potential severity.
Indeed, the average ransom demand rose to $20 million in 2023 from $1.4 million, while the average payment made was $6.5 million, reflecting the effectiveness of ransomware negotiations, Marsh notes in the report.
Only 23% of its clients affected by cyber extortion in 2023 paid ransom. Most (77%) refused, reflecting a growing trend. In 2021, only 37% of Marsh’s clients rejected cybercriminals’ demands.
