Corvus: Ransomware Attacks Fall
The Corvus Risk Insights Index is a compilation of industry trends and data
analysis based on the company’s proprietary IT security scanning technology, the
Corvus Scan, in addition to results from its Policyholder Cybersecurity
Benchmarking Survey, sent to current Cyber and Technology Errors & Omissions
(Tech E&O) policyholders.
Ransomware claims, costs, and severity
One of the best indicators of overall cybercrime activity is the rate of ransomware claims in the Corvus book of business. Based on Corvus’s claims data, after all of the dire headlines throughout 2021 the end of the year presented signs of improvement:
This decrease in cost and severity can be partially attributed to underwriting entities requiring stronger backups for insurance coverage, which is helping to drive the broader trend toward more sophisticated and resilient approaches to mitigating ransomware risk.
The data also revealed spikes in claims tied to major cybercrime events including the Microsoft Exchange Server vulnerability and the Kaseya ransomware attack. While these events were enough to significantly, but temporarily, impact the month-by-month ransomware claims rate, the overall average severity of claims declined.
As the cyber threat landscape continues to evolve, Corvus’s Risk Insights Index™ touched on Russia's ongoing invasion of Ukraine, which has included a hybrid warfare model involving cyber attacks against public and private sector organizations. While attacks have led to increased concerns over potential collateral damage, Corvus observed a 30% reduction in ransomware claims frequency from Q4 2021 to Q1 2022 (through March 15), highlighting the fractured ransomware threat ecosystem during a time of war.
Severity is lowered, but not across the board
The overall severity of ransomware costs by industry shifted significantly over the past year. The report indicates a decreasing cost impact on education and social services, while the professional services industry (including but not limited to law firms, consulting firms, and architecture firms) experienced increased ransomware costs. The data highlights that:
The decreasing claims severity within healthcare may be tied to dissipating public fears and subsequent exploitation by threat actors during the height of the COVID-19 pandemic.
SMBs still playing cyber strategy catch up
Corvus’s first Policyholder Cybersecurity Benchmarking Survey, conducted in Q4 2021, showed that SMBs are still building their cyber investments. The survey was deployed to Corvus’s Cyber and Tech E&O policyholders, with the nearly 300 respondents’ titles ranging from C-suite to Vice Presidents, Directors, and IT Managers. Participants’ company size ranged from fewer than 50 employees to over 250. The results showed that SMBs are primarily concerned with external threats — attack vectors including ransomware and phishing — and revealed:
Survey respondents highlighted a lack of resources and the overall complexity of security as key driving factors currently preventing improvements in their defenses. Smaller companies (<50 employees) are more concerned with staying current on new threats, while larger organizations are more concerned with vendor breaches, bringing to light the fact that many companies may fail to emphasize and act on the need for an internal security culture.
“We are in the midst of a critical and challenging time for security professionals,” said Phil Edmundson, Founder and CEO of Corvus Insurance. “As the security landscape shifts and threat actors continue to evolve their attacks, this report provides the data-driven analysis critical for organizations to navigate and prepare for adverse events in this new cyber age.”