Skip Ribbon Commands
Skip to main content

​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​

 

‭(Hidden)‬ Catalog-Item Reuse

Over Half of Cyber Claims Originate in Email Inboxes

More than half of all 2023 cyber insurance claims were a result of funds transfer fraud (FTF) or business email compromise (BEC), according to a Coalition report.
Sponsored by
over half of cyber claims originate in email inboxes

More than half (56%) of all 2023 cyber insurance claims were a result of funds transfer fraud (FTF) or business email compromise (BEC), according to Coalition's "2024 Cyber Claims Report," which details emerging cyber trends and their impact on Coalition policyholders throughout 2023. Additionally, ransomware accounted for 19% of claims, while other events, such as errors and misuse, resulted in 25% of claims last year.

During 2023, the frequency of FTF claims increased by 15% year over year, and severity increased by 24%, leading to an average loss of more than $278,000. Also, BEC frequency increased by 5% year over year while severity decreased by 15%, according to the report.

“Threat actors want to get paid, and the email inbox has proven to be an easy place for an attacker to uncover payment information and potentially intervene in payment processes to steal funds," said Robert Jones, head of global claims at Coalition.

Overall, claims frequency increased 13% in 2023 from 2022 while claims severity increased 10%, resulting in an average loss of $100,000, according to the report. This was primarily due to a surge of ransomware claims in the first half of 2023. However, 52% of all reported matters were handled without any out-of-pocket payments by the policyholder, the report said.

Additionally, an increase in cyberattack claims frequency was seen across all revenue bands, with businesses between $25 million and $100 million in revenue seeing the sharpest spike (32%). Businesses with more than $100 million in revenue saw a 14% increase in frequency, while businesses with less than $25 million in revenue experienced an 8% increase.

Overall, claims severity stabilized in the latter half of 2023 but was still up 21%. Also, claims severity among businesses with under $25 million in revenue increased 10% year over year, while businesses between $25 million and $100 million saw severity increase by 9%.

Highlighting the importance of an active approach to cyber risk management, the report states that while global ransomware payments hit $1 billion, Coalition policyholder's ransomware severity dropped by 54% while frequency and demands both dropped in the second half of 2023—although not enough to offset the surge in the first half of 2023.

The report also reveals that firewalls, virtual private networks (VPNs), and other boundary devices can help reduce cyber threats. Additionally, businesses should be aware that certain devices can actually increase the likelihood of a cyber claim if they have known vulnerabilities.

“Policyholders using internet-exposed remote desktop protocol were 2.5 times more likely to experience a claim," said Shelley Ma, incident response lead at Coalition's affiliate, Coalition Incident Response. “With new AI tools making it even easier to execute targeted cyberattack campaigns and identify exploitable assets, having an active partner that can help protect your organization from digital risk is crucial."

Olivia Overman is IA content editor. 

17751
Thursday, June 13, 2024
In the News