Ransomware Severity Spikes in First Half of 2024: Coalition

Businesses experienced average loss of $353,000

October 16, 2024

Overall ransomware severity increased 68% in the first half of 2024 to an average loss amount of $353,000, according to Coalition’s 2024 Cyber Claims Report: Mid-Year Update. Furthermore, ransomware drove a 14% increase in overall claims severity, with an average loss amount of $122,000. “Threat actors targeted larger businesses and reaped the benefits with increased paydays,” the report states.

Claims by Event Type and Revenue

“Business email compromise (BEC) accounted for nearly one-third of all reported claims in 1H 2024, marking a 9% increase for the historically low-severity event type…. The increases are largely attributed to businesses between $25 million and $100 million in revenue…and businesses with more than $100 million in revenue.”

Claim frequency among businesses with less than $25 million in revenue increased by 1%; those with $25 million to $100 million in revenue decreased by 10%; and those with $100 million or more decreased by 6% in H1 2024.

The other types of events that produced claims were funds transfer fraud (27%), ransomware (18%), and other (23%), according to the report.

“The decreases in claims frequency among both businesses with $25 million to $100 million in revenue and businesses with $100 million+ in revenue were more than offset by increases by claims severity,” states the report.

Third-Party Disruption Created Aggregate Risk

“Two material cyber risk aggregation events occurred in 1H 2024: Change Healthcare and CDK Global,” according to the report. “A risk aggregation event is a single cyber event that causes widespread loss to other organizations; an event is deemed ‘material’ based on the number of impacted policyholders.”

The attacks on Change Healthcare and CDK Global, the report notes, both “served as illuminating examples of how digital risk can quickly become more tangible for all of us.” When Change Healthcare was attacked, claims processing slowed or stopped for thousands of hospitals and medical groups, and impacted over 90% of pharmacies across the U.S., with total losses projected to reach $1.6 billion, states the report. It adds that the CDK Global attack “disrupted a network of 15,000 auto dealers and led to an estimated $1 billion in losses.”

Severity and Frequency

“In general, ransomware has been fairly seasonal with consistent drop-offs in the summer months and spikes during winter holidays,” according to Coalition. “After a volatile 2023, in which ransomware severity spiked to nearly $402,000 in the first half of the year before falling to $239,000 in the back half, threat actors reinvigorated the cybercrime with one [of] the highest returns on investment.”

Overall ransomware frequency, however, decreased 10% in 1H 2024, falling to 0.28% from 0.31% in all of 2023.

Businesses with internet-exposed login panels were 3.1 times more likely to experience a claim in 1H 2024, states the report. “Businesses often have legitimate reasons to have login panels visible to the public internet, such as with virtual private networks (VPN). Coalition strongly recommends businesses enforce multi-factor authentication for all VPN users and ensure they’re running the latest firmware—both of which help protect against brute force attacks, compromised credentials, and known vulnerabilities.”

About The Authors
Angela Sabarese

Angela Sabarese, Associate Editor of CLM. angela.sabarese@theclm.org
